Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/rubygem-rubyipmi@0.13.0-1?arch=el9sat
Type rpm
Namespace redhat
Name rubygem-rubyipmi
Version 0.13.0-1
Qualifiers
arch el9sat
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-28g3-ubx6-ebff
vulnerability_id VCID-28g3-ubx6-ebff
summary
Django has Inefficient Algorithmic Complexity
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1285
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20187
published_at 2026-04-02T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20125
published_at 2026-04-11T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20106
published_at 2026-04-09T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20047
published_at 2026-04-08T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.19968
published_at 2026-04-07T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.20242
published_at 2026-04-04T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20761
published_at 2026-04-16T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20771
published_at 2026-04-13T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.20824
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1285
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/
url https://groups.google.com/g/django-announce
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436340
reference_id 2436340
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436340
12
reference_url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
reference_id GHSA-4rrr-2h4v-f3j9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
15
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
16
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
17
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
18
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
aliases CVE-2026-1285, GHSA-4rrr-2h4v-f3j9
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28g3-ubx6-ebff
1
url VCID-4dyt-4yhc-p7cd
vulnerability_id VCID-4dyt-4yhc-p7cd
summary
rubyipmi is vulnerable to OS Command Injection through malicious usernames
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:5968
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T16:50:09Z/
url https://access.redhat.com/errata/RHSA-2026:5968
1
reference_url https://access.redhat.com/errata/RHSA-2026:5970
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T16:50:09Z/
url https://access.redhat.com/errata/RHSA-2026:5970
2
reference_url https://access.redhat.com/errata/RHSA-2026:5971
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T16:50:09Z/
url https://access.redhat.com/errata/RHSA-2026:5971
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0980.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0980.json
4
reference_url https://access.redhat.com/security/cve/CVE-2026-0980
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T16:50:09Z/
url https://access.redhat.com/security/cve/CVE-2026-0980
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0980
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25099
published_at 2026-04-12T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25056
published_at 2026-04-16T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.25046
published_at 2026-04-13T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25201
published_at 2026-04-02T12:55:00Z
4
value 0.00088
scoring_system epss
scoring_elements 0.25241
published_at 2026-04-04T12:55:00Z
5
value 0.00088
scoring_system epss
scoring_elements 0.25012
published_at 2026-04-07T12:55:00Z
6
value 0.00088
scoring_system epss
scoring_elements 0.2508
published_at 2026-04-08T12:55:00Z
7
value 0.00088
scoring_system epss
scoring_elements 0.25125
published_at 2026-04-09T12:55:00Z
8
value 0.00088
scoring_system epss
scoring_elements 0.2514
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0980
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2429874
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T16:50:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2429874
7
reference_url https://github.com/logicminds/rubyipmi
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/logicminds/rubyipmi
8
reference_url https://github.com/logicminds/rubyipmi/commit/252503a7b4dca68388165883b0322024e344a215
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/logicminds/rubyipmi/commit/252503a7b4dca68388165883b0322024e344a215
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubyipmi/CVE-2026-0980.yml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubyipmi/CVE-2026-0980.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0980
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0980
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8
reference_id cpe:/a:redhat:satellite:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9
reference_id cpe:/a:redhat:satellite:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
reference_id cpe:/a:redhat:satellite:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
reference_id cpe:/a:redhat:satellite:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8
reference_id cpe:/a:redhat:satellite_capsule:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9
reference_id cpe:/a:redhat:satellite_capsule:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
reference_id cpe:/a:redhat:satellite_capsule:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
reference_id cpe:/a:redhat:satellite_capsule:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9
reference_id cpe:/a:redhat:satellite_maintenance:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_id cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8
reference_id cpe:/a:redhat:satellite_utils:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9
reference_id cpe:/a:redhat:satellite_utils:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
reference_id cpe:/a:redhat:satellite_utils:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
reference_id cpe:/a:redhat:satellite_utils:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
26
reference_url https://github.com/advisories/GHSA-hfcp-477w-3wjw
reference_id GHSA-hfcp-477w-3wjw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hfcp-477w-3wjw
fixed_packages
aliases CVE-2026-0980, GHSA-hfcp-477w-3wjw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dyt-4yhc-p7cd
2
url VCID-8qu1-45n9-gyb1
vulnerability_id VCID-8qu1-45n9-gyb1
summary
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1287
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01069
published_at 2026-04-02T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01083
published_at 2026-04-09T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01084
published_at 2026-04-08T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01079
published_at 2026-04-07T12:55:00Z
4
value 0.0001
scoring_system epss
scoring_elements 0.01072
published_at 2026-04-04T12:55:00Z
5
value 0.0001
scoring_system epss
scoring_elements 0.01067
published_at 2026-04-11T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01444
published_at 2026-04-13T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01443
published_at 2026-04-12T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01433
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/
url https://groups.google.com/g/django-announce
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436339
reference_id 2436339
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436339
12
reference_url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
reference_id GHSA-gvg8-93h5-g6qq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
15
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
16
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
17
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
18
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
19
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
20
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
aliases CVE-2026-1287, GHSA-gvg8-93h5-g6qq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qu1-45n9-gyb1
3
url VCID-98pd-qdf5-17b1
vulnerability_id VCID-98pd-qdf5-17b1
summary
foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set
A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:5968
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:15Z/
url https://access.redhat.com/errata/RHSA-2026:5968
1
reference_url https://access.redhat.com/errata/RHSA-2026:5970
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:15Z/
url https://access.redhat.com/errata/RHSA-2026:5970
2
reference_url https://access.redhat.com/errata/RHSA-2026:5971
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:15Z/
url https://access.redhat.com/errata/RHSA-2026:5971
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1531.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1531.json
4
reference_url https://access.redhat.com/security/cve/CVE-2026-1531
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:15Z/
url https://access.redhat.com/security/cve/CVE-2026-1531
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1531
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01198
published_at 2026-04-04T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01217
published_at 2026-04-09T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01191
published_at 2026-04-02T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01213
published_at 2026-04-08T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01207
published_at 2026-04-07T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01704
published_at 2026-04-16T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01726
published_at 2026-04-11T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01716
published_at 2026-04-12T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.01715
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1531
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2433786
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:15Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2433786
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/foreman_kubevirt/CVE-2026-1531.yml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/foreman_kubevirt/CVE-2026-1531.yml
8
reference_url https://github.com/theforeman/foreman_kubevirt
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/theforeman/foreman_kubevirt
9
reference_url https://github.com/theforeman/foreman_kubevirt/commit/6c9973ee59c6fbec65f165eb9ea9dd4ebb6eeef1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/theforeman/foreman_kubevirt/commit/6c9973ee59c6fbec65f165eb9ea9dd4ebb6eeef1
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1531
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1531
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8
reference_id cpe:/a:redhat:satellite:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9
reference_id cpe:/a:redhat:satellite:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
reference_id cpe:/a:redhat:satellite:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
reference_id cpe:/a:redhat:satellite:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8
reference_id cpe:/a:redhat:satellite_capsule:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9
reference_id cpe:/a:redhat:satellite_capsule:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
reference_id cpe:/a:redhat:satellite_capsule:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
reference_id cpe:/a:redhat:satellite_capsule:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9
reference_id cpe:/a:redhat:satellite_maintenance:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_id cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8
reference_id cpe:/a:redhat:satellite_utils:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9
reference_id cpe:/a:redhat:satellite_utils:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
reference_id cpe:/a:redhat:satellite_utils:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
reference_id cpe:/a:redhat:satellite_utils:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
26
reference_url https://github.com/advisories/GHSA-2qxw-7fmx-gqfm
reference_id GHSA-2qxw-7fmx-gqfm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qxw-7fmx-gqfm
fixed_packages
aliases CVE-2026-1531, GHSA-2qxw-7fmx-gqfm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98pd-qdf5-17b1
4
url VCID-dc1m-rt7j-w3af
vulnerability_id VCID-dc1m-rt7j-w3af
summary
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in its brotli decompression implementation
Scrapy versions up to 2.13.3 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression. Mitigating this vulnerability requires the security enhancement added in brotli v1.2.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6176
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08068
published_at 2026-04-08T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08092
published_at 2026-04-09T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08
published_at 2026-04-02T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.08047
published_at 2026-04-04T12:55:00Z
4
value 0.00028
scoring_system epss
scoring_elements 0.08008
published_at 2026-04-07T12:55:00Z
5
value 0.00033
scoring_system epss
scoring_elements 0.09763
published_at 2026-04-12T12:55:00Z
6
value 0.00033
scoring_system epss
scoring_elements 0.09633
published_at 2026-04-16T12:55:00Z
7
value 0.00033
scoring_system epss
scoring_elements 0.09747
published_at 2026-04-13T12:55:00Z
8
value 0.00033
scoring_system epss
scoring_elements 0.09795
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6176
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176
3
reference_url https://github.com/google/brotli
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli
4
reference_url https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627
5
reference_url https://github.com/google/brotli/issues/1327
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/issues/1327
6
reference_url https://github.com/google/brotli/issues/1375
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/issues/1375
7
reference_url https://github.com/google/brotli/pull/1234
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/pull/1234
8
reference_url https://github.com/google/brotli/releases/tag/v1.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/releases/tag/v1.2.0
9
reference_url https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da
10
reference_url https://github.com/scrapy/scrapy/pull/7134
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/pull/7134
11
reference_url https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-31T16:15:58Z/
url https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2408762
reference_id 2408762
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2408762
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6176
reference_id CVE-2025-6176
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6176
14
reference_url https://github.com/advisories/GHSA-2qfp-q593-8484
reference_id GHSA-2qfp-q593-8484
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qfp-q593-8484
15
reference_url https://access.redhat.com/errata/RHSA-2026:0008
reference_id RHSA-2026:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0008
16
reference_url https://access.redhat.com/errata/RHSA-2026:0845
reference_id RHSA-2026:0845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0845
17
reference_url https://access.redhat.com/errata/RHSA-2026:2042
reference_id RHSA-2026:2042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2042
18
reference_url https://access.redhat.com/errata/RHSA-2026:2226
reference_id RHSA-2026:2226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2226
19
reference_url https://access.redhat.com/errata/RHSA-2026:2227
reference_id RHSA-2026:2227
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2227
20
reference_url https://access.redhat.com/errata/RHSA-2026:2228
reference_id RHSA-2026:2228
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2228
21
reference_url https://access.redhat.com/errata/RHSA-2026:2229
reference_id RHSA-2026:2229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2229
22
reference_url https://access.redhat.com/errata/RHSA-2026:2389
reference_id RHSA-2026:2389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2389
23
reference_url https://access.redhat.com/errata/RHSA-2026:2399
reference_id RHSA-2026:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2399
24
reference_url https://access.redhat.com/errata/RHSA-2026:2400
reference_id RHSA-2026:2400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2400
25
reference_url https://access.redhat.com/errata/RHSA-2026:2401
reference_id RHSA-2026:2401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2401
26
reference_url https://access.redhat.com/errata/RHSA-2026:2455
reference_id RHSA-2026:2455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2455
27
reference_url https://access.redhat.com/errata/RHSA-2026:2737
reference_id RHSA-2026:2737
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2737
28
reference_url https://access.redhat.com/errata/RHSA-2026:2800
reference_id RHSA-2026:2800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2800
29
reference_url https://access.redhat.com/errata/RHSA-2026:2844
reference_id RHSA-2026:2844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2844
30
reference_url https://access.redhat.com/errata/RHSA-2026:2974
reference_id RHSA-2026:2974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2974
31
reference_url https://access.redhat.com/errata/RHSA-2026:2976
reference_id RHSA-2026:2976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2976
32
reference_url https://access.redhat.com/errata/RHSA-2026:3392
reference_id RHSA-2026:3392
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3392
33
reference_url https://access.redhat.com/errata/RHSA-2026:3406
reference_id RHSA-2026:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3406
34
reference_url https://access.redhat.com/errata/RHSA-2026:3415
reference_id RHSA-2026:3415
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3415
35
reference_url https://access.redhat.com/errata/RHSA-2026:3417
reference_id RHSA-2026:3417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3417
36
reference_url https://access.redhat.com/errata/RHSA-2026:3861
reference_id RHSA-2026:3861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3861
37
reference_url https://access.redhat.com/errata/RHSA-2026:4419
reference_id RHSA-2026:4419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4419
38
reference_url https://access.redhat.com/errata/RHSA-2026:4465
reference_id RHSA-2026:4465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4465
fixed_packages
aliases CVE-2025-6176, GHSA-2qfp-q593-8484
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc1m-rt7j-w3af
5
url VCID-dhq1-5etu-kqb5
vulnerability_id VCID-dhq1-5etu-kqb5
summary forman: Foreman: Remote Code Execution via command injection in WebSocket proxy
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1961.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1961.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1961
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29456
published_at 2026-04-16T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29489
published_at 2026-04-08T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29529
published_at 2026-04-09T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29532
published_at 2026-04-11T12:55:00Z
4
value 0.00111
scoring_system epss
scoring_elements 0.29488
published_at 2026-04-12T12:55:00Z
5
value 0.00111
scoring_system epss
scoring_elements 0.29436
published_at 2026-04-13T12:55:00Z
6
value 0.00142
scoring_system epss
scoring_elements 0.34494
published_at 2026-04-04T12:55:00Z
7
value 0.00142
scoring_system epss
scoring_elements 0.34362
published_at 2026-04-07T12:55:00Z
8
value 0.00142
scoring_system epss
scoring_elements 0.34466
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1961
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437036
reference_id 2437036
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-26T13:11:15Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2437036
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8
reference_id cpe:/a:redhat:satellite:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9
reference_id cpe:/a:redhat:satellite:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
reference_id cpe:/a:redhat:satellite:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
reference_id cpe:/a:redhat:satellite:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8
reference_id cpe:/a:redhat:satellite_capsule:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9
reference_id cpe:/a:redhat:satellite_capsule:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
reference_id cpe:/a:redhat:satellite_capsule:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
reference_id cpe:/a:redhat:satellite_capsule:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9
reference_id cpe:/a:redhat:satellite_maintenance:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_id cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8
reference_id cpe:/a:redhat:satellite_utils:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9
reference_id cpe:/a:redhat:satellite_utils:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
reference_id cpe:/a:redhat:satellite_utils:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
reference_id cpe:/a:redhat:satellite_utils:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
18
reference_url https://access.redhat.com/security/cve/CVE-2026-1961
reference_id CVE-2026-1961
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-26T13:11:15Z/
url https://access.redhat.com/security/cve/CVE-2026-1961
fixed_packages
aliases CVE-2026-1961
risk_score 3.6
exploitability 0.5
weighted_severity 7.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhq1-5etu-kqb5
6
url VCID-dp1t-v58b-43du
vulnerability_id VCID-dp1t-v58b-43du
summary crypto/tls: Unexpected session resumption in crypto/tls
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68121.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68121.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68121
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04012
published_at 2026-04-02T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.03999
published_at 2026-04-13T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04026
published_at 2026-04-12T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04041
published_at 2026-04-11T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.04068
published_at 2026-04-09T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.04049
published_at 2026-04-08T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.04029
published_at 2026-04-04T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.04044
published_at 2026-04-07T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04353
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68121
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916
reference_id 1125916
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917
reference_id 1125917
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437111
reference_id 2437111
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2437111
7
reference_url https://go.dev/cl/737700
reference_id 737700
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/
url https://go.dev/cl/737700
8
reference_url https://go.dev/issue/77217
reference_id 77217
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/
url https://go.dev/issue/77217
9
reference_url https://pkg.go.dev/vuln/GO-2026-4337
reference_id GO-2026-4337
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/
url https://pkg.go.dev/vuln/GO-2026-4337
10
reference_url https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
reference_id K09ubi9FQFk
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/
url https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
11
reference_url https://access.redhat.com/errata/RHSA-2026:2706
reference_id RHSA-2026:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2706
12
reference_url https://access.redhat.com/errata/RHSA-2026:2708
reference_id RHSA-2026:2708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2708
13
reference_url https://access.redhat.com/errata/RHSA-2026:2709
reference_id RHSA-2026:2709
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2709
14
reference_url https://access.redhat.com/errata/RHSA-2026:2914
reference_id RHSA-2026:2914
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2914
15
reference_url https://access.redhat.com/errata/RHSA-2026:2920
reference_id RHSA-2026:2920
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2920
16
reference_url https://access.redhat.com/errata/RHSA-2026:3035
reference_id RHSA-2026:3035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3035
17
reference_url https://access.redhat.com/errata/RHSA-2026:3040
reference_id RHSA-2026:3040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3040
18
reference_url https://access.redhat.com/errata/RHSA-2026:3089
reference_id RHSA-2026:3089
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3089
19
reference_url https://access.redhat.com/errata/RHSA-2026:3092
reference_id RHSA-2026:3092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3092
20
reference_url https://access.redhat.com/errata/RHSA-2026:3186
reference_id RHSA-2026:3186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3186
21
reference_url https://access.redhat.com/errata/RHSA-2026:3187
reference_id RHSA-2026:3187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3187
22
reference_url https://access.redhat.com/errata/RHSA-2026:3188
reference_id RHSA-2026:3188
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3188
23
reference_url https://access.redhat.com/errata/RHSA-2026:3192
reference_id RHSA-2026:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3192
24
reference_url https://access.redhat.com/errata/RHSA-2026:3193
reference_id RHSA-2026:3193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3193
25
reference_url https://access.redhat.com/errata/RHSA-2026:3291
reference_id RHSA-2026:3291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3291
26
reference_url https://access.redhat.com/errata/RHSA-2026:3297
reference_id RHSA-2026:3297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3297
27
reference_url https://access.redhat.com/errata/RHSA-2026:3298
reference_id RHSA-2026:3298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3298
28
reference_url https://access.redhat.com/errata/RHSA-2026:3336
reference_id RHSA-2026:3336
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3336
29
reference_url https://access.redhat.com/errata/RHSA-2026:3337
reference_id RHSA-2026:3337
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3337
30
reference_url https://access.redhat.com/errata/RHSA-2026:3340
reference_id RHSA-2026:3340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3340
31
reference_url https://access.redhat.com/errata/RHSA-2026:3341
reference_id RHSA-2026:3341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3341
32
reference_url https://access.redhat.com/errata/RHSA-2026:3343
reference_id RHSA-2026:3343
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3343
33
reference_url https://access.redhat.com/errata/RHSA-2026:3459
reference_id RHSA-2026:3459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3459
34
reference_url https://access.redhat.com/errata/RHSA-2026:3506
reference_id RHSA-2026:3506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3506
35
reference_url https://access.redhat.com/errata/RHSA-2026:3556
reference_id RHSA-2026:3556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3556
36
reference_url https://access.redhat.com/errata/RHSA-2026:3559
reference_id RHSA-2026:3559
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3559
37
reference_url https://access.redhat.com/errata/RHSA-2026:3752
reference_id RHSA-2026:3752
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3752
38
reference_url https://access.redhat.com/errata/RHSA-2026:3753
reference_id RHSA-2026:3753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3753
39
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
40
reference_url https://access.redhat.com/errata/RHSA-2026:3816
reference_id RHSA-2026:3816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3816
41
reference_url https://access.redhat.com/errata/RHSA-2026:3817
reference_id RHSA-2026:3817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3817
42
reference_url https://access.redhat.com/errata/RHSA-2026:3831
reference_id RHSA-2026:3831
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3831
43
reference_url https://access.redhat.com/errata/RHSA-2026:3833
reference_id RHSA-2026:3833
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3833
44
reference_url https://access.redhat.com/errata/RHSA-2026:3839
reference_id RHSA-2026:3839
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3839
45
reference_url https://access.redhat.com/errata/RHSA-2026:3840
reference_id RHSA-2026:3840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3840
46
reference_url https://access.redhat.com/errata/RHSA-2026:3842
reference_id RHSA-2026:3842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3842
47
reference_url https://access.redhat.com/errata/RHSA-2026:3843
reference_id RHSA-2026:3843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3843
48
reference_url https://access.redhat.com/errata/RHSA-2026:3855
reference_id RHSA-2026:3855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3855
49
reference_url https://access.redhat.com/errata/RHSA-2026:3864
reference_id RHSA-2026:3864
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3864
50
reference_url https://access.redhat.com/errata/RHSA-2026:3874
reference_id RHSA-2026:3874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3874
51
reference_url https://access.redhat.com/errata/RHSA-2026:3884
reference_id RHSA-2026:3884
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3884
52
reference_url https://access.redhat.com/errata/RHSA-2026:3898
reference_id RHSA-2026:3898
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3898
53
reference_url https://access.redhat.com/errata/RHSA-2026:3928
reference_id RHSA-2026:3928
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3928
54
reference_url https://access.redhat.com/errata/RHSA-2026:3929
reference_id RHSA-2026:3929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3929
55
reference_url https://access.redhat.com/errata/RHSA-2026:3970
reference_id RHSA-2026:3970
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3970
56
reference_url https://access.redhat.com/errata/RHSA-2026:3971
reference_id RHSA-2026:3971
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3971
57
reference_url https://access.redhat.com/errata/RHSA-2026:3977
reference_id RHSA-2026:3977
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3977
58
reference_url https://access.redhat.com/errata/RHSA-2026:3985
reference_id RHSA-2026:3985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3985
59
reference_url https://access.redhat.com/errata/RHSA-2026:4164
reference_id RHSA-2026:4164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4164
60
reference_url https://access.redhat.com/errata/RHSA-2026:4166
reference_id RHSA-2026:4166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4166
61
reference_url https://access.redhat.com/errata/RHSA-2026:4170
reference_id RHSA-2026:4170
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4170
62
reference_url https://access.redhat.com/errata/RHSA-2026:4174
reference_id RHSA-2026:4174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4174
63
reference_url https://access.redhat.com/errata/RHSA-2026:4177
reference_id RHSA-2026:4177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4177
64
reference_url https://access.redhat.com/errata/RHSA-2026:4220
reference_id RHSA-2026:4220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4220
65
reference_url https://access.redhat.com/errata/RHSA-2026:4256
reference_id RHSA-2026:4256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4256
66
reference_url https://access.redhat.com/errata/RHSA-2026:4264
reference_id RHSA-2026:4264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4264
67
reference_url https://access.redhat.com/errata/RHSA-2026:4267
reference_id RHSA-2026:4267
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4267
68
reference_url https://access.redhat.com/errata/RHSA-2026:4270
reference_id RHSA-2026:4270
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4270
69
reference_url https://access.redhat.com/errata/RHSA-2026:4466
reference_id RHSA-2026:4466
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4466
70
reference_url https://access.redhat.com/errata/RHSA-2026:4467
reference_id RHSA-2026:4467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4467
71
reference_url https://access.redhat.com/errata/RHSA-2026:4498
reference_id RHSA-2026:4498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4498
72
reference_url https://access.redhat.com/errata/RHSA-2026:4500
reference_id RHSA-2026:4500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4500
73
reference_url https://access.redhat.com/errata/RHSA-2026:4672
reference_id RHSA-2026:4672
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4672
74
reference_url https://access.redhat.com/errata/RHSA-2026:4892
reference_id RHSA-2026:4892
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4892
75
reference_url https://access.redhat.com/errata/RHSA-2026:4901
reference_id RHSA-2026:4901
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4901
76
reference_url https://access.redhat.com/errata/RHSA-2026:4907
reference_id RHSA-2026:4907
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4907
77
reference_url https://access.redhat.com/errata/RHSA-2026:4942
reference_id RHSA-2026:4942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4942
78
reference_url https://access.redhat.com/errata/RHSA-2026:4952
reference_id RHSA-2026:4952
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4952
79
reference_url https://access.redhat.com/errata/RHSA-2026:5077
reference_id RHSA-2026:5077
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5077
80
reference_url https://access.redhat.com/errata/RHSA-2026:5110
reference_id RHSA-2026:5110
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5110
81
reference_url https://access.redhat.com/errata/RHSA-2026:5129
reference_id RHSA-2026:5129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5129
82
reference_url https://access.redhat.com/errata/RHSA-2026:5130
reference_id RHSA-2026:5130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5130
83
reference_url https://access.redhat.com/errata/RHSA-2026:5131
reference_id RHSA-2026:5131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5131
84
reference_url https://access.redhat.com/errata/RHSA-2026:5132
reference_id RHSA-2026:5132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5132
85
reference_url https://access.redhat.com/errata/RHSA-2026:5133
reference_id RHSA-2026:5133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5133
86
reference_url https://access.redhat.com/errata/RHSA-2026:5146
reference_id RHSA-2026:5146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5146
87
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
88
reference_url https://access.redhat.com/errata/RHSA-2026:5394
reference_id RHSA-2026:5394
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5394
89
reference_url https://access.redhat.com/errata/RHSA-2026:5452
reference_id RHSA-2026:5452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5452
90
reference_url https://access.redhat.com/errata/RHSA-2026:5549
reference_id RHSA-2026:5549
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5549
91
reference_url https://access.redhat.com/errata/RHSA-2026:5636
reference_id RHSA-2026:5636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5636
92
reference_url https://access.redhat.com/errata/RHSA-2026:5645
reference_id RHSA-2026:5645
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5645
93
reference_url https://access.redhat.com/errata/RHSA-2026:5665
reference_id RHSA-2026:5665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5665
94
reference_url https://access.redhat.com/errata/RHSA-2026:5851
reference_id RHSA-2026:5851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5851
95
reference_url https://access.redhat.com/errata/RHSA-2026:5866
reference_id RHSA-2026:5866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5866
96
reference_url https://access.redhat.com/errata/RHSA-2026:5876
reference_id RHSA-2026:5876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5876
97
reference_url https://access.redhat.com/errata/RHSA-2026:5878
reference_id RHSA-2026:5878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5878
98
reference_url https://access.redhat.com/errata/RHSA-2026:5907
reference_id RHSA-2026:5907
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5907
99
reference_url https://access.redhat.com/errata/RHSA-2026:5948
reference_id RHSA-2026:5948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5948
100
reference_url https://access.redhat.com/errata/RHSA-2026:5950
reference_id RHSA-2026:5950
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5950
101
reference_url https://access.redhat.com/errata/RHSA-2026:5952
reference_id RHSA-2026:5952
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5952
102
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
103
reference_url https://access.redhat.com/errata/RHSA-2026:6226
reference_id RHSA-2026:6226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6226
104
reference_url https://access.redhat.com/errata/RHSA-2026:6277
reference_id RHSA-2026:6277
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6277
105
reference_url https://access.redhat.com/errata/RHSA-2026:6278
reference_id RHSA-2026:6278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6278
106
reference_url https://access.redhat.com/errata/RHSA-2026:6428
reference_id RHSA-2026:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6428
107
reference_url https://access.redhat.com/errata/RHSA-2026:6429
reference_id RHSA-2026:6429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6429
108
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
109
reference_url https://access.redhat.com/errata/RHSA-2026:6552
reference_id RHSA-2026:6552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6552
110
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
111
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
112
reference_url https://access.redhat.com/errata/RHSA-2026:7052
reference_id RHSA-2026:7052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7052
113
reference_url https://access.redhat.com/errata/RHSA-2026:7854
reference_id RHSA-2026:7854
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7854
114
reference_url https://access.redhat.com/errata/RHSA-2026:8151
reference_id RHSA-2026:8151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8151
115
reference_url https://access.redhat.com/errata/RHSA-2026:8167
reference_id RHSA-2026:8167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8167
116
reference_url https://access.redhat.com/errata/RHSA-2026:8218
reference_id RHSA-2026:8218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8218
117
reference_url https://access.redhat.com/errata/RHSA-2026:8337
reference_id RHSA-2026:8337
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8337
118
reference_url https://access.redhat.com/errata/RHSA-2026:8338
reference_id RHSA-2026:8338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8338
119
reference_url https://access.redhat.com/errata/RHSA-2026:8433
reference_id RHSA-2026:8433
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8433
fixed_packages
aliases CVE-2025-68121
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dp1t-v58b-43du
7
url VCID-e9k9-1s9f-dbgv
vulnerability_id VCID-e9k9-1s9f-dbgv
summary
Django has Inefficient Algorithmic Complexity
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Jiyong Yang for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14550
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18717
published_at 2026-04-02T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18625
published_at 2026-04-11T12:55:00Z
2
value 0.00059
scoring_system epss
scoring_elements 0.18621
published_at 2026-04-09T12:55:00Z
3
value 0.00059
scoring_system epss
scoring_elements 0.18568
published_at 2026-04-08T12:55:00Z
4
value 0.00059
scoring_system epss
scoring_elements 0.18487
published_at 2026-04-07T12:55:00Z
5
value 0.00059
scoring_system epss
scoring_elements 0.18771
published_at 2026-04-04T12:55:00Z
6
value 0.00062
scoring_system epss
scoring_elements 0.19221
published_at 2026-04-16T12:55:00Z
7
value 0.00062
scoring_system epss
scoring_elements 0.19259
published_at 2026-04-13T12:55:00Z
8
value 0.00062
scoring_system epss
scoring_elements 0.19314
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14550
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/
url https://groups.google.com/g/django-announce
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
8
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436341
reference_id 2436341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436341
11
reference_url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
reference_id GHSA-33mw-q7rj-mjwj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
12
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
13
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
14
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
15
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
16
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
17
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
aliases CVE-2025-14550, GHSA-33mw-q7rj-mjwj
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9k9-1s9f-dbgv
8
url VCID-msge-1mfu-7qfa
vulnerability_id VCID-msge-1mfu-7qfa
summary
Django has an SQL Injection issue
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is used in `FilteredRelation` via a suitably crafted dictionary with dictionary expansion. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1312
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01069
published_at 2026-04-02T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01083
published_at 2026-04-09T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01084
published_at 2026-04-08T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01079
published_at 2026-04-07T12:55:00Z
4
value 0.0001
scoring_system epss
scoring_elements 0.01072
published_at 2026-04-04T12:55:00Z
5
value 0.0001
scoring_system epss
scoring_elements 0.01067
published_at 2026-04-11T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01444
published_at 2026-04-13T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01443
published_at 2026-04-12T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01433
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1312
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
7
reference_url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/
url https://groups.google.com/g/django-announce
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
10
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436342
reference_id 2436342
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436342
13
reference_url https://github.com/advisories/GHSA-6426-9fv3-65x8
reference_id GHSA-6426-9fv3-65x8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6426-9fv3-65x8
14
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
15
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
16
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
17
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
18
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
19
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
20
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
21
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
aliases CVE-2026-1312, GHSA-6426-9fv3-65x8
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msge-1mfu-7qfa
9
url VCID-x3n2-krwh-7be9
vulnerability_id VCID-x3n2-krwh-7be9
summary
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:5970
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:13Z/
url https://access.redhat.com/errata/RHSA-2026:5970
1
reference_url https://access.redhat.com/errata/RHSA-2026:5971
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:13Z/
url https://access.redhat.com/errata/RHSA-2026:5971
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1530.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1530.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-1530
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:13Z/
url https://access.redhat.com/security/cve/CVE-2026-1530
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1530
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01107
published_at 2026-04-09T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01101
published_at 2026-04-07T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01093
published_at 2026-04-02T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01096
published_at 2026-04-04T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01482
published_at 2026-04-16T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01501
published_at 2026-04-11T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01493
published_at 2026-04-12T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01494
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1530
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2433784
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:13Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2433784
6
reference_url https://github.com/fog/fog-kubevirt
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fog/fog-kubevirt
7
reference_url https://github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1#L11
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1#L11
8
reference_url https://github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450
9
reference_url https://github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753
10
reference_url https://github.com/fog/fog-kubevirt/pull/168
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fog/fog-kubevirt/pull/168
11
reference_url https://github.com/fog/fog-kubevirt/releases/tag/v1.5.1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/fog/fog-kubevirt/releases/tag/v1.5.1
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fog-kubevirt/CVE-2026-1530.yml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fog-kubevirt/CVE-2026-1530.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1530
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1530
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8
reference_id cpe:/a:redhat:satellite:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9
reference_id cpe:/a:redhat:satellite:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
reference_id cpe:/a:redhat:satellite:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8
reference_id cpe:/a:redhat:satellite_capsule:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9
reference_id cpe:/a:redhat:satellite_capsule:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
reference_id cpe:/a:redhat:satellite_capsule:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9
reference_id cpe:/a:redhat:satellite_maintenance:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_id cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8
reference_id cpe:/a:redhat:satellite_utils:6.16::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9
reference_id cpe:/a:redhat:satellite_utils:6.16::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
reference_id cpe:/a:redhat:satellite_utils:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
26
reference_url https://github.com/advisories/GHSA-m3hq-3qj8-c5fm
reference_id GHSA-m3hq-3qj8-c5fm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m3hq-3qj8-c5fm
fixed_packages
aliases CVE-2026-1530, GHSA-m3hq-3qj8-c5fm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3n2-krwh-7be9
10
url VCID-ysyp-h7ja-yff3
vulnerability_id VCID-ysyp-h7ja-yff3
summary
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

Raster lookups on ``RasterField`` (only implemented on PostGIS) allow remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1207
reference_id
reference_type
scores
0
value 0.03841
scoring_system epss
scoring_elements 0.88188
published_at 2026-04-11T12:55:00Z
1
value 0.03841
scoring_system epss
scoring_elements 0.88178
published_at 2026-04-09T12:55:00Z
2
value 0.03841
scoring_system epss
scoring_elements 0.88172
published_at 2026-04-08T12:55:00Z
3
value 0.03841
scoring_system epss
scoring_elements 0.88153
published_at 2026-04-07T12:55:00Z
4
value 0.03841
scoring_system epss
scoring_elements 0.88146
published_at 2026-04-04T12:55:00Z
5
value 0.04424
scoring_system epss
scoring_elements 0.89035
published_at 2026-04-13T12:55:00Z
6
value 0.04424
scoring_system epss
scoring_elements 0.89037
published_at 2026-04-12T12:55:00Z
7
value 0.04424
scoring_system epss
scoring_elements 0.89048
published_at 2026-04-16T12:55:00Z
8
value 0.05126
scoring_system epss
scoring_elements 0.8982
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1207
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/
url https://groups.google.com/g/django-announce
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436338
reference_id 2436338
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436338
12
reference_url https://github.com/advisories/GHSA-mwm9-4648-f68q
reference_id GHSA-mwm9-4648-f68q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwm9-4648-f68q
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
15
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
16
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
17
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
18
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
19
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
20
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
aliases CVE-2026-1207, GHSA-mwm9-4648-f68q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ysyp-h7ja-yff3
11
url VCID-zqkc-zwfa-1qfx
vulnerability_id VCID-zqkc-zwfa-1qfx
summary
Katello: Denial of Service and potential information disclosure via SQL injection
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:5968
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/
url https://access.redhat.com/errata/RHSA-2026:5968
1
reference_url https://access.redhat.com/errata/RHSA-2026:5970
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/
url https://access.redhat.com/errata/RHSA-2026:5970
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4324.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4324.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-4324
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/
url https://access.redhat.com/security/cve/CVE-2026-4324
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4324
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.23704
published_at 2026-04-16T12:55:00Z
1
value 0.0008
scoring_system epss
scoring_elements 0.23833
published_at 2026-04-02T12:55:00Z
2
value 0.0008
scoring_system epss
scoring_elements 0.23874
published_at 2026-04-04T12:55:00Z
3
value 0.0008
scoring_system epss
scoring_elements 0.23661
published_at 2026-04-07T12:55:00Z
4
value 0.0008
scoring_system epss
scoring_elements 0.23731
published_at 2026-04-08T12:55:00Z
5
value 0.0008
scoring_system epss
scoring_elements 0.23777
published_at 2026-04-09T12:55:00Z
6
value 0.0008
scoring_system epss
scoring_elements 0.23793
published_at 2026-04-11T12:55:00Z
7
value 0.0008
scoring_system epss
scoring_elements 0.23749
published_at 2026-04-12T12:55:00Z
8
value 0.0008
scoring_system epss
scoring_elements 0.23692
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4324
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448349
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2448349
6
reference_url https://github.com/Katello/katello
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Katello/katello
7
reference_url https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4324
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4324
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
reference_id cpe:/a:redhat:satellite:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
reference_id cpe:/a:redhat:satellite:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
reference_id cpe:/a:redhat:satellite_capsule:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
reference_id cpe:/a:redhat:satellite_capsule:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_id cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
reference_id cpe:/a:redhat:satellite_utils:6.17::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
reference_id cpe:/a:redhat:satellite_utils:6.18::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
17
reference_url https://github.com/advisories/GHSA-fwj4-6wgp-mpxm
reference_id GHSA-fwj4-6wgp-mpxm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwj4-6wgp-mpxm
fixed_packages
aliases CVE-2026-4324, GHSA-fwj4-6wgp-mpxm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqkc-zwfa-1qfx
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-rubyipmi@0.13.0-1%3Farch=el9sat