| 0 |
| url |
VCID-2bh9-k4at-r7hz |
| vulnerability_id |
VCID-2bh9-k4at-r7hz |
| summary |
sql injection |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://seclists.org/bugtraq/2020/Feb/30 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Feb/30 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
https://usn.ubuntu.com/4264-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4264-1 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.10 |
| purl |
pkg:pypi/django@2.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 2 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 6 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 7 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 8 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 9 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 10 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 11 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 12 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 13 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 14 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 15 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 16 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 17 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 18 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 19 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 20 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 21 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 22 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 23 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 24 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 25 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10 |
|
| 2 |
| url |
pkg:pypi/django@3.0.3 |
| purl |
pkg:pypi/django@3.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 1 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 4 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 8 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 9 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 10 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 11 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 12 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 13 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 14 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 15 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 16 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 17 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
| 18 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3 |
|
|
| aliases |
BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2bh9-k4at-r7hz |
|
| 1 |
| url |
VCID-2jvg-udsm-nkax |
| vulnerability_id |
VCID-2jvg-udsm-nkax |
| summary |
open redirect |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/advisories/GHSA-5hg3-6c2f-f3wr |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-5hg3-6c2f-f3wr |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://usn.ubuntu.com/3726-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3726-1 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.15 |
| purl |
pkg:pypi/django@1.11.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 8 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 9 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 10 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 11 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 14 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 15 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 16 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 17 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 18 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 19 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 20 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 21 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 22 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 23 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 24 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
| 25 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 26 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.15 |
|
| 1 |
| url |
pkg:pypi/django@2.0.8 |
| purl |
pkg:pypi/django@2.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 11 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 12 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 13 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.8 |
|
|
| aliases |
CVE-2018-14574, GHSA-5hg3-6c2f-f3wr, PYSEC-2018-2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2jvg-udsm-nkax |
|
| 2 |
| url |
VCID-5sxw-p38k-q7cp |
| vulnerability_id |
VCID-5sxw-p38k-q7cp |
| summary |
denial of service |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://usn.ubuntu.com/3591-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3591-1 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.11 |
| purl |
pkg:pypi/django@1.11.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2jvg-udsm-nkax |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 5 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 6 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 7 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 8 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 9 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 10 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 11 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 12 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 13 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 14 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 15 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 16 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 17 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 18 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 19 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 20 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 21 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 22 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 23 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 24 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 25 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
| 26 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 27 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11 |
|
| 1 |
| url |
pkg:pypi/django@2.0.3 |
| purl |
pkg:pypi/django@2.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2jvg-udsm-nkax |
|
| 2 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 10 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 11 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 12 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 13 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 14 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3 |
|
|
| aliases |
CVE-2018-7537, GHSA-2f9x-5v75-3qv4, PYSEC-2018-6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5sxw-p38k-q7cp |
|
| 3 |
| url |
VCID-6s18-ssym-1bd6 |
| vulnerability_id |
VCID-6s18-ssym-1bd6 |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 10 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 6 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 7 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 8 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 9 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 10 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 11 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 12 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 13 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 14 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 15 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 16 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 17 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 18 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 19 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 20 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 21 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 22 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 23 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 24 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 25 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 26 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 27 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 28 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 29 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 30 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
PYSEC-2019-84
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6s18-ssym-1bd6 |
|
| 4 |
| url |
VCID-7b47-vsfh-y3gh |
| vulnerability_id |
VCID-7b47-vsfh-y3gh |
| summary |
sql injection |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
| reference_url |
https://usn.ubuntu.com/4296-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4296-1 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.11 |
| purl |
pkg:pypi/django@2.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 2 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 3 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 4 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 5 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 6 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 7 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 8 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 9 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 10 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 11 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 12 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 13 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 14 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 15 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 16 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 17 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 18 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 19 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 20 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 21 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 22 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 23 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 24 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.11 |
|
| 2 |
| url |
pkg:pypi/django@3.0.4 |
| purl |
pkg:pypi/django@3.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 1 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 2 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 7 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 8 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 9 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 10 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 11 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 12 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 13 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 14 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 15 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 16 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
| 17 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.4 |
|
|
| aliases |
BIT-django-2020-9402, CVE-2020-9402, GHSA-3gh2-xw74-jmcw, PYSEC-2020-345, PYSEC-2020-36
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7b47-vsfh-y3gh |
|
| 5 |
| url |
VCID-8gkb-43x6-d7a8 |
| vulnerability_id |
VCID-8gkb-43x6-d7a8 |
| summary |
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/advisories/GHSA-9r8w-6x8c-6jr9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-9r8w-6x8c-6jr9 |
|
| 3 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://usn.ubuntu.com/3559-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3559-1 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.5 |
| purl |
pkg:pypi/django@1.11.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2jvg-udsm-nkax |
|
| 2 |
| vulnerability |
VCID-5sxw-p38k-q7cp |
|
| 3 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 4 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 5 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 6 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 7 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 8 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 9 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 10 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 11 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 12 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 13 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 14 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 15 |
| vulnerability |
VCID-j1jc-m7e2-5yck |
|
| 16 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 17 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 18 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 19 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 20 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 21 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 22 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 23 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 24 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 25 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 26 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 27 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
| 28 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 29 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.5 |
|
|
| aliases |
CVE-2017-12794, GHSA-9r8w-6x8c-6jr9, PYSEC-2017-44
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8gkb-43x6-d7a8 |
|
| 6 |
| url |
VCID-9udu-eqvn-mqbj |
| vulnerability_id |
VCID-9udu-eqvn-mqbj |
| summary |
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.26 |
| purl |
pkg:pypi/django@4.2.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-32d1-b8f2-hud5 |
|
| 1 |
| vulnerability |
VCID-3d6k-rdsh-k7hm |
|
| 2 |
| vulnerability |
VCID-3vk6-hdbc-2bhz |
|
| 3 |
| vulnerability |
VCID-5fbx-3yfb-fudx |
|
| 4 |
| vulnerability |
VCID-62jv-ab6d-sqdb |
|
| 5 |
| vulnerability |
VCID-63c7-mkxw-ufav |
|
| 6 |
| vulnerability |
VCID-7jbt-5zw2-vff2 |
|
| 7 |
| vulnerability |
VCID-92bp-6kte-tyfs |
|
| 8 |
| vulnerability |
VCID-cbsj-1qqg-1ba6 |
|
| 9 |
| vulnerability |
VCID-cg44-thdw-cygg |
|
| 10 |
| vulnerability |
VCID-dac4-fa2z-bkdq |
|
| 11 |
| vulnerability |
VCID-enen-3w2h-g3b8 |
|
| 12 |
| vulnerability |
VCID-heum-8mwz-sbcw |
|
| 13 |
| vulnerability |
VCID-j2uz-w2ur-7ud4 |
|
| 14 |
| vulnerability |
VCID-jma1-9ags-xbfm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-32d1-b8f2-hud5 |
|
| 1 |
| vulnerability |
VCID-3ccr-92q5-aqfk |
|
| 2 |
| vulnerability |
VCID-3d6k-rdsh-k7hm |
|
| 3 |
| vulnerability |
VCID-3vk6-hdbc-2bhz |
|
| 4 |
| vulnerability |
VCID-5fbx-3yfb-fudx |
|
| 5 |
| vulnerability |
VCID-62jv-ab6d-sqdb |
|
| 6 |
| vulnerability |
VCID-63c7-mkxw-ufav |
|
| 7 |
| vulnerability |
VCID-7jbt-5zw2-vff2 |
|
| 8 |
| vulnerability |
VCID-92bp-6kte-tyfs |
|
| 9 |
| vulnerability |
VCID-92z2-3rbz-77h9 |
|
| 10 |
| vulnerability |
VCID-cbsj-1qqg-1ba6 |
|
| 11 |
| vulnerability |
VCID-cg44-thdw-cygg |
|
| 12 |
| vulnerability |
VCID-dac4-fa2z-bkdq |
|
| 13 |
| vulnerability |
VCID-enen-3w2h-g3b8 |
|
| 14 |
| vulnerability |
VCID-g22z-jue5-8udz |
|
| 15 |
| vulnerability |
VCID-heum-8mwz-sbcw |
|
| 16 |
| vulnerability |
VCID-j2uz-w2ur-7ud4 |
|
| 17 |
| vulnerability |
VCID-jma1-9ags-xbfm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
BIT-django-2025-64458, CVE-2025-64458, GHSA-qw25-v68c-qjf3, PYSEC-2025-107
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9udu-eqvn-mqbj |
|
| 7 |
| url |
VCID-arff-yjfe-auhp |
| vulnerability_id |
VCID-arff-yjfe-auhp |
| summary |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 3 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 4 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 5 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 6 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 7 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 8 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 9 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 10 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 11 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 12 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 13 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 14 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 15 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 16 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 17 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 18 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 19 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 20 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 21 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 22 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 23 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 24 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 25 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 26 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
|
| aliases |
PYSEC-2019-86
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-arff-yjfe-auhp |
|
| 8 |
| url |
VCID-ax42-esfz-vud2 |
| vulnerability_id |
VCID-ax42-esfz-vud2 |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.16 |
| purl |
pkg:pypi/django@4.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1umb-2rxg-bbdk |
|
| 1 |
| vulnerability |
VCID-32d1-b8f2-hud5 |
|
| 2 |
| vulnerability |
VCID-3d6k-rdsh-k7hm |
|
| 3 |
| vulnerability |
VCID-3vk6-hdbc-2bhz |
|
| 4 |
| vulnerability |
VCID-4vry-9jdm-nyg9 |
|
| 5 |
| vulnerability |
VCID-5fbx-3yfb-fudx |
|
| 6 |
| vulnerability |
VCID-62jv-ab6d-sqdb |
|
| 7 |
| vulnerability |
VCID-63c7-mkxw-ufav |
|
| 8 |
| vulnerability |
VCID-7jbt-5zw2-vff2 |
|
| 9 |
| vulnerability |
VCID-92bp-6kte-tyfs |
|
| 10 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 11 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 12 |
| vulnerability |
VCID-cbsj-1qqg-1ba6 |
|
| 13 |
| vulnerability |
VCID-cg44-thdw-cygg |
|
| 14 |
| vulnerability |
VCID-chey-b3c1-pbe5 |
|
| 15 |
| vulnerability |
VCID-dac4-fa2z-bkdq |
|
| 16 |
| vulnerability |
VCID-em3c-ceug-cubp |
|
| 17 |
| vulnerability |
VCID-enen-3w2h-g3b8 |
|
| 18 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 19 |
| vulnerability |
VCID-heum-8mwz-sbcw |
|
| 20 |
| vulnerability |
VCID-j2uz-w2ur-7ud4 |
|
| 21 |
| vulnerability |
VCID-jma1-9ags-xbfm |
|
| 22 |
| vulnerability |
VCID-nyc2-p1rp-xkb4 |
|
| 23 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 24 |
| vulnerability |
VCID-vpgq-jhzc-j7h2 |
|
| 25 |
| vulnerability |
VCID-xmq2-18at-y3gj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.1.1 |
| purl |
pkg:pypi/django@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1umb-2rxg-bbdk |
|
| 1 |
| vulnerability |
VCID-3d6k-rdsh-k7hm |
|
| 2 |
| vulnerability |
VCID-4vry-9jdm-nyg9 |
|
| 3 |
| vulnerability |
VCID-7jbt-5zw2-vff2 |
|
| 4 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 5 |
| vulnerability |
VCID-a3e2-se1v-2yb5 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-chey-b3c1-pbe5 |
|
| 8 |
| vulnerability |
VCID-em3c-ceug-cubp |
|
| 9 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 10 |
| vulnerability |
VCID-nyc2-p1rp-xkb4 |
|
| 11 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 12 |
| vulnerability |
VCID-vpgq-jhzc-j7h2 |
|
| 13 |
| vulnerability |
VCID-xmq2-18at-y3gj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1 |
|
|
| aliases |
CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ax42-esfz-vud2 |
|
| 9 |
| url |
VCID-ax7m-uv4s-zkc1 |
| vulnerability_id |
VCID-ax7m-uv4s-zkc1 |
| summary |
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.24 |
| purl |
pkg:pypi/django@4.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-32d1-b8f2-hud5 |
|
| 1 |
| vulnerability |
VCID-3d6k-rdsh-k7hm |
|
| 2 |
| vulnerability |
VCID-3vk6-hdbc-2bhz |
|
| 3 |
| vulnerability |
VCID-5fbx-3yfb-fudx |
|
| 4 |
| vulnerability |
VCID-62jv-ab6d-sqdb |
|
| 5 |
| vulnerability |
VCID-63c7-mkxw-ufav |
|
| 6 |
| vulnerability |
VCID-7jbt-5zw2-vff2 |
|
| 7 |
| vulnerability |
VCID-92bp-6kte-tyfs |
|
| 8 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 9 |
| vulnerability |
VCID-cbsj-1qqg-1ba6 |
|
| 10 |
| vulnerability |
VCID-cg44-thdw-cygg |
|
| 11 |
| vulnerability |
VCID-dac4-fa2z-bkdq |
|
| 12 |
| vulnerability |
VCID-enen-3w2h-g3b8 |
|
| 13 |
| vulnerability |
VCID-heum-8mwz-sbcw |
|
| 14 |
| vulnerability |
VCID-j2uz-w2ur-7ud4 |
|
| 15 |
| vulnerability |
VCID-jma1-9ags-xbfm |
|
| 16 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 17 |
| vulnerability |
VCID-vpgq-jhzc-j7h2 |
|
| 18 |
| vulnerability |
VCID-xmq2-18at-y3gj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.6 |
| purl |
pkg:pypi/django@5.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-32d1-b8f2-hud5 |
|
| 1 |
| vulnerability |
VCID-3ccr-92q5-aqfk |
|
| 2 |
| vulnerability |
VCID-3d6k-rdsh-k7hm |
|
| 3 |
| vulnerability |
VCID-3vk6-hdbc-2bhz |
|
| 4 |
| vulnerability |
VCID-5fbx-3yfb-fudx |
|
| 5 |
| vulnerability |
VCID-62jv-ab6d-sqdb |
|
| 6 |
| vulnerability |
VCID-63c7-mkxw-ufav |
|
| 7 |
| vulnerability |
VCID-7jbt-5zw2-vff2 |
|
| 8 |
| vulnerability |
VCID-92bp-6kte-tyfs |
|
| 9 |
| vulnerability |
VCID-92z2-3rbz-77h9 |
|
| 10 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 11 |
| vulnerability |
VCID-cbsj-1qqg-1ba6 |
|
| 12 |
| vulnerability |
VCID-cg44-thdw-cygg |
|
| 13 |
| vulnerability |
VCID-dac4-fa2z-bkdq |
|
| 14 |
| vulnerability |
VCID-enen-3w2h-g3b8 |
|
| 15 |
| vulnerability |
VCID-g22z-jue5-8udz |
|
| 16 |
| vulnerability |
VCID-heum-8mwz-sbcw |
|
| 17 |
| vulnerability |
VCID-j2uz-w2ur-7ud4 |
|
| 18 |
| vulnerability |
VCID-jma1-9ags-xbfm |
|
| 19 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 20 |
| vulnerability |
VCID-vpgq-jhzc-j7h2 |
|
| 21 |
| vulnerability |
VCID-xmq2-18at-y3gj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6 |
|
|
| aliases |
BIT-django-2025-57833, CVE-2025-57833, GHSA-6w2r-r2m5-xq5w, PYSEC-2025-105
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ax7m-uv4s-zkc1 |
|
| 10 |
| url |
VCID-bxu2-wqcg-1ueh |
| vulnerability_id |
VCID-bxu2-wqcg-1ueh |
| summary |
cross-site scripting |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://github.com/advisories/GHSA-7rp2-fm2h-wchj |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-7rp2-fm2h-wchj |
|
| 17 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://seclists.org/bugtraq/2019/Jul/10 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Jul/10 |
|
| 28 |
|
| 29 |
| reference_url |
https://usn.ubuntu.com/4043-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4043-1 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.21 |
| purl |
pkg:pypi/django@1.11.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 8 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 9 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 10 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 11 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 12 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 13 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 14 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 15 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 16 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 17 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 18 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 19 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 20 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21 |
|
| 1 |
| url |
pkg:pypi/django@2.1.9 |
| purl |
pkg:pypi/django@2.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 7 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 8 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 9 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 10 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 11 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 12 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 13 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 14 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 15 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 16 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 17 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 18 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 19 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 20 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9 |
|
| 2 |
| url |
pkg:pypi/django@2.2.2 |
| purl |
pkg:pypi/django@2.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 6 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 7 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 8 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 9 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 10 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 11 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 12 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 13 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 14 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 15 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 16 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 17 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 18 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 19 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 20 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 21 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 22 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 23 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 24 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 25 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 26 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 27 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 28 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 29 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 30 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 31 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 32 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 33 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 34 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 35 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 36 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 37 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 38 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
| 39 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 40 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2 |
|
|
| aliases |
CVE-2019-12308, GHSA-7rp2-fm2h-wchj, PYSEC-2019-79
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bxu2-wqcg-1ueh |
|
| 11 |
| url |
VCID-evu1-efcj-gfc5 |
| vulnerability_id |
VCID-evu1-efcj-gfc5 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 10 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 6 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 7 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 8 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 9 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 10 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 11 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 12 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 13 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 14 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 15 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 16 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 17 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 18 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 19 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 20 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 21 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 22 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 23 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 24 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 25 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 26 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 27 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 28 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 29 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 30 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
CVE-2019-14235, GHSA-v9qg-3j8p-r63v, PYSEC-2019-14
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-evu1-efcj-gfc5 |
|
| 12 |
| url |
VCID-fbee-vj2y-cfeb |
| vulnerability_id |
VCID-fbee-vj2y-cfeb |
| summary |
content spoofing |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.22 |
| purl |
pkg:pypi/django@4.2.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-32d1-b8f2-hud5 |
|
| 1 |
| vulnerability |
VCID-3d6k-rdsh-k7hm |
|
| 2 |
| vulnerability |
VCID-3vk6-hdbc-2bhz |
|
| 3 |
| vulnerability |
VCID-5fbx-3yfb-fudx |
|
| 4 |
| vulnerability |
VCID-62jv-ab6d-sqdb |
|
| 5 |
| vulnerability |
VCID-63c7-mkxw-ufav |
|
| 6 |
| vulnerability |
VCID-7jbt-5zw2-vff2 |
|
| 7 |
| vulnerability |
VCID-92bp-6kte-tyfs |
|
| 8 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 9 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 10 |
| vulnerability |
VCID-cbsj-1qqg-1ba6 |
|
| 11 |
| vulnerability |
VCID-cg44-thdw-cygg |
|
| 12 |
| vulnerability |
VCID-dac4-fa2z-bkdq |
|
| 13 |
| vulnerability |
VCID-enen-3w2h-g3b8 |
|
| 14 |
| vulnerability |
VCID-heum-8mwz-sbcw |
|
| 15 |
| vulnerability |
VCID-j2uz-w2ur-7ud4 |
|
| 16 |
| vulnerability |
VCID-jma1-9ags-xbfm |
|
| 17 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 18 |
| vulnerability |
VCID-vpgq-jhzc-j7h2 |
|
| 19 |
| vulnerability |
VCID-xmq2-18at-y3gj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.2 |
| purl |
pkg:pypi/django@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-32d1-b8f2-hud5 |
|
| 1 |
| vulnerability |
VCID-3ccr-92q5-aqfk |
|
| 2 |
| vulnerability |
VCID-3d6k-rdsh-k7hm |
|
| 3 |
| vulnerability |
VCID-3vk6-hdbc-2bhz |
|
| 4 |
| vulnerability |
VCID-5fbx-3yfb-fudx |
|
| 5 |
| vulnerability |
VCID-62jv-ab6d-sqdb |
|
| 6 |
| vulnerability |
VCID-63c7-mkxw-ufav |
|
| 7 |
| vulnerability |
VCID-7jbt-5zw2-vff2 |
|
| 8 |
| vulnerability |
VCID-92bp-6kte-tyfs |
|
| 9 |
| vulnerability |
VCID-92z2-3rbz-77h9 |
|
| 10 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 11 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 12 |
| vulnerability |
VCID-cbsj-1qqg-1ba6 |
|
| 13 |
| vulnerability |
VCID-cg44-thdw-cygg |
|
| 14 |
| vulnerability |
VCID-dac4-fa2z-bkdq |
|
| 15 |
| vulnerability |
VCID-enen-3w2h-g3b8 |
|
| 16 |
| vulnerability |
VCID-g22z-jue5-8udz |
|
| 17 |
| vulnerability |
VCID-heum-8mwz-sbcw |
|
| 18 |
| vulnerability |
VCID-j2uz-w2ur-7ud4 |
|
| 19 |
| vulnerability |
VCID-jma1-9ags-xbfm |
|
| 20 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 21 |
| vulnerability |
VCID-vpgq-jhzc-j7h2 |
|
| 22 |
| vulnerability |
VCID-xmq2-18at-y3gj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2 |
|
|
| aliases |
BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fbee-vj2y-cfeb |
|
| 13 |
| url |
VCID-fynq-usj6-rfd3 |
| vulnerability_id |
VCID-fynq-usj6-rfd3 |
| summary |
insufficient validation |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://seclists.org/bugtraq/2020/Jan/9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Jan/9 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://usn.ubuntu.com/4224-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4224-1 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 3 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 4 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 5 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 6 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 7 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 8 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 9 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 10 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 11 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 12 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 13 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 14 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 15 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 16 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 17 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 18 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 19 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 20 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 21 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 22 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 23 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 24 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 25 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 26 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
| 2 |
| url |
pkg:pypi/django@3.0.1 |
| purl |
pkg:pypi/django@3.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 2 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 5 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 6 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 7 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 8 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 9 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 10 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 11 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 14 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 15 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 16 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 17 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 18 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
| 19 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.1 |
|
|
| aliases |
CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fynq-usj6-rfd3 |
|
| 14 |
| url |
VCID-had1-mb3z-23dy |
| vulnerability_id |
VCID-had1-mb3z-23dy |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 10 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 6 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 7 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 8 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 9 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 10 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 11 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 12 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 13 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 14 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 15 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 16 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 17 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 18 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 19 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 20 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 21 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 22 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 23 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 24 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 25 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 26 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 27 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 28 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 29 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 30 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
PYSEC-2019-82
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-had1-mb3z-23dy |
|
| 15 |
| url |
VCID-hzcv-euwq-eqeg |
| vulnerability_id |
VCID-hzcv-euwq-eqeg |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/advisories/GHSA-68w8-qjq3-2gfm |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-68w8-qjq3-2gfm |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.24 |
| purl |
pkg:pypi/django@2.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 6 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 7 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 8 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 9 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 10 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 11 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 12 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 13 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@3.2.4 |
| purl |
pkg:pypi/django@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 1 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 2 |
| vulnerability |
VCID-6bct-bfhb-xugt |
|
| 3 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 4 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 5 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 6 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 7 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 8 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 9 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 10 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 11 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 12 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 13 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 14 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 15 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 16 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 17 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 18 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 19 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 20 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 21 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 22 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 23 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 24 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
| 25 |
| vulnerability |
VCID-zvet-h29t-tub8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4 |
|
|
| aliases |
BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hzcv-euwq-eqeg |
|
| 16 |
| url |
VCID-j1jc-m7e2-5yck |
| vulnerability_id |
VCID-j1jc-m7e2-5yck |
| summary |
denial of service |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/advisories/GHSA-r28v-mw67-m5p9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-r28v-mw67-m5p9 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://usn.ubuntu.com/3591-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3591-1 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.11 |
| purl |
pkg:pypi/django@1.11.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2jvg-udsm-nkax |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 4 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 5 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 6 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 7 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 8 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 9 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 10 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 11 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 12 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 13 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 14 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 15 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 16 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 17 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 18 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 19 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 20 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 21 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 22 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 23 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 24 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 25 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
| 26 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 27 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11 |
|
| 1 |
| url |
pkg:pypi/django@2.0.3 |
| purl |
pkg:pypi/django@2.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2jvg-udsm-nkax |
|
| 2 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-myrv-evr9-8kd4 |
|
| 10 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 11 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 12 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 13 |
| vulnerability |
VCID-wsx7-6bfa-pugr |
|
| 14 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3 |
|
|
| aliases |
CVE-2018-7536, GHSA-r28v-mw67-m5p9, PYSEC-2018-5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j1jc-m7e2-5yck |
|
| 17 |
| url |
VCID-k3fv-7e29-bfep |
| vulnerability_id |
VCID-k3fv-7e29-bfep |
| summary |
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.21 |
| purl |
pkg:pypi/django@1.11.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 8 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 9 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 10 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 11 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 12 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 13 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 14 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 15 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 16 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 17 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 18 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 19 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 20 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21 |
|
| 1 |
| url |
pkg:pypi/django@2.1.9 |
| purl |
pkg:pypi/django@2.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 7 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 8 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 9 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 10 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 11 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 12 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 13 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 14 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 15 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 16 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 17 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 18 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 19 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 20 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9 |
|
| 2 |
| url |
pkg:pypi/django@2.2.2 |
| purl |
pkg:pypi/django@2.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 6 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 7 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 8 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 9 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 10 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 11 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 12 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 13 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 14 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 15 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 16 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 17 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 18 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 19 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 20 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 21 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 22 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 23 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 24 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 25 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 26 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 27 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 28 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 29 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 30 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 31 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 32 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 33 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 34 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 35 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 36 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 37 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 38 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
| 39 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 40 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2 |
|
|
| aliases |
PYSEC-2019-9
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k3fv-7e29-bfep |
|
| 18 |
| url |
VCID-myrv-evr9-8kd4 |
| vulnerability_id |
VCID-myrv-evr9-8kd4 |
| summary |
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.18 |
| purl |
pkg:pypi/django@1.11.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 8 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 9 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 10 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 11 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 14 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 15 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 18 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 19 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 20 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 21 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 22 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
| 23 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 24 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18 |
|
| 1 |
| url |
pkg:pypi/django@2.0.10 |
| purl |
pkg:pypi/django@2.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 10 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 11 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10 |
|
| 2 |
| url |
pkg:pypi/django@2.1.5 |
| purl |
pkg:pypi/django@2.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 4 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 8 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 9 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 10 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 11 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 14 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 15 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 18 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 19 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 20 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 21 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 22 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 23 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
| 24 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 25 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5 |
|
|
| aliases |
PYSEC-2019-87
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-myrv-evr9-8kd4 |
|
| 19 |
| url |
VCID-n9cz-g44c-4fht |
| vulnerability_id |
VCID-n9cz-g44c-4fht |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 10 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 6 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 7 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 8 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 9 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 10 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 11 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 12 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 13 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 14 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 15 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 16 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 17 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 18 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 19 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 20 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 21 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 22 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 23 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 24 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 25 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 26 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 27 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 28 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 29 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 30 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
CVE-2019-14233, GHSA-h5jv-4p7w-64jg, PYSEC-2019-12
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n9cz-g44c-4fht |
|
| 20 |
| url |
VCID-phrd-92uj-sygr |
| vulnerability_id |
VCID-phrd-92uj-sygr |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 10 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 6 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 7 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 8 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 9 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 10 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 11 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 12 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 13 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 14 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 15 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 16 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 17 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 18 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 19 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 20 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 21 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 22 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 23 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 24 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 25 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 26 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 27 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 28 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 29 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 30 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
PYSEC-2019-81
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-phrd-92uj-sygr |
|
| 21 |
| url |
VCID-qg2s-fuw3-nbda |
| vulnerability_id |
VCID-qg2s-fuw3-nbda |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.15 |
| purl |
pkg:pypi/django@3.2.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 1 |
| vulnerability |
VCID-7u6e-a3ng-fude |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-bjn5-qpmt-qffx |
|
| 6 |
| vulnerability |
VCID-ctk2-ykg7-h7ag |
|
| 7 |
| vulnerability |
VCID-e2p6-m8gu-jbfu |
|
| 8 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 9 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 10 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 11 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 12 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 13 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 14 |
| vulnerability |
VCID-x4s4-qav9-xbet |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.15 |
|
| 1 |
| url |
pkg:pypi/django@4.0.7 |
| purl |
pkg:pypi/django@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5k3f-9smv-8bev |
|
| 1 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 2 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 3 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 4 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 5 |
| vulnerability |
VCID-fwkd-bq8u-9kg8 |
|
| 6 |
| vulnerability |
VCID-kmv2-339j-8ugc |
|
| 7 |
| vulnerability |
VCID-nyy8-t17r-syex |
|
| 8 |
| vulnerability |
VCID-rn9d-fd73-3kb9 |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.7 |
|
|
| aliases |
BIT-django-2022-36359, CVE-2022-36359, GHSA-8x94-hmjh-97hq, PYSEC-2022-245
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qg2s-fuw3-nbda |
|
| 22 |
| url |
VCID-u15a-4ste-43cy |
| vulnerability_id |
VCID-u15a-4ste-43cy |
| summary |
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.26 |
| purl |
pkg:pypi/django@4.2.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-32d1-b8f2-hud5 |
|
| 1 |
| vulnerability |
VCID-3d6k-rdsh-k7hm |
|
| 2 |
| vulnerability |
VCID-3vk6-hdbc-2bhz |
|
| 3 |
| vulnerability |
VCID-5fbx-3yfb-fudx |
|
| 4 |
| vulnerability |
VCID-62jv-ab6d-sqdb |
|
| 5 |
| vulnerability |
VCID-63c7-mkxw-ufav |
|
| 6 |
| vulnerability |
VCID-7jbt-5zw2-vff2 |
|
| 7 |
| vulnerability |
VCID-92bp-6kte-tyfs |
|
| 8 |
| vulnerability |
VCID-cbsj-1qqg-1ba6 |
|
| 9 |
| vulnerability |
VCID-cg44-thdw-cygg |
|
| 10 |
| vulnerability |
VCID-dac4-fa2z-bkdq |
|
| 11 |
| vulnerability |
VCID-enen-3w2h-g3b8 |
|
| 12 |
| vulnerability |
VCID-heum-8mwz-sbcw |
|
| 13 |
| vulnerability |
VCID-j2uz-w2ur-7ud4 |
|
| 14 |
| vulnerability |
VCID-jma1-9ags-xbfm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-32d1-b8f2-hud5 |
|
| 1 |
| vulnerability |
VCID-3ccr-92q5-aqfk |
|
| 2 |
| vulnerability |
VCID-3d6k-rdsh-k7hm |
|
| 3 |
| vulnerability |
VCID-3vk6-hdbc-2bhz |
|
| 4 |
| vulnerability |
VCID-5fbx-3yfb-fudx |
|
| 5 |
| vulnerability |
VCID-62jv-ab6d-sqdb |
|
| 6 |
| vulnerability |
VCID-63c7-mkxw-ufav |
|
| 7 |
| vulnerability |
VCID-7jbt-5zw2-vff2 |
|
| 8 |
| vulnerability |
VCID-92bp-6kte-tyfs |
|
| 9 |
| vulnerability |
VCID-92z2-3rbz-77h9 |
|
| 10 |
| vulnerability |
VCID-cbsj-1qqg-1ba6 |
|
| 11 |
| vulnerability |
VCID-cg44-thdw-cygg |
|
| 12 |
| vulnerability |
VCID-dac4-fa2z-bkdq |
|
| 13 |
| vulnerability |
VCID-enen-3w2h-g3b8 |
|
| 14 |
| vulnerability |
VCID-g22z-jue5-8udz |
|
| 15 |
| vulnerability |
VCID-heum-8mwz-sbcw |
|
| 16 |
| vulnerability |
VCID-j2uz-w2ur-7ud4 |
|
| 17 |
| vulnerability |
VCID-jma1-9ags-xbfm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
BIT-django-2025-64459, CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u15a-4ste-43cy |
|
| 23 |
| url |
VCID-v8hg-78p1-87bh |
| vulnerability_id |
VCID-v8hg-78p1-87bh |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/advisories/GHSA-6r97-cj55-9hrq |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-6r97-cj55-9hrq |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 10 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 6 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 7 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 8 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 9 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 10 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 11 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 12 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 13 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 14 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 15 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 16 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 17 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 18 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 19 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 20 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 21 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 22 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 23 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 24 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 25 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 26 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 27 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 28 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 29 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 30 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
CVE-2019-14234, GHSA-6r97-cj55-9hrq, PYSEC-2019-13
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v8hg-78p1-87bh |
|
| 24 |
| url |
VCID-wj2g-v6dz-2yeq |
| vulnerability_id |
VCID-wj2g-v6dz-2yeq |
| summary |
denial of service |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://seclists.org/bugtraq/2019/Jul/10 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Jul/10 |
|
| 20 |
| reference_url |
https://usn.ubuntu.com/3890-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3890-1 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@1.11.20 |
| purl |
pkg:pypi/django@1.11.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 8 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 9 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 10 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 11 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 14 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 15 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 18 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 19 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 20 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 21 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 22 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.20 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| url |
pkg:pypi/django@2.1.7 |
| purl |
pkg:pypi/django@2.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 4 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 8 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 9 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 10 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 11 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 14 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 15 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 18 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 19 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 20 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 21 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 22 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 23 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.7 |
|
|
| aliases |
CVE-2019-6975, GHSA-wh4h-v3f2-r2pp, PYSEC-2019-18
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wj2g-v6dz-2yeq |
|
| 25 |
| url |
VCID-wsx7-6bfa-pugr |
| vulnerability_id |
VCID-wsx7-6bfa-pugr |
| summary |
content spoofing |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://usn.ubuntu.com/3851-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3851-1 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.18 |
| purl |
pkg:pypi/django@1.11.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 8 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 9 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 10 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 11 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 14 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 15 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 18 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 19 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 20 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 21 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 22 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
| 23 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 24 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18 |
|
| 1 |
| url |
pkg:pypi/django@2.0.10 |
| purl |
pkg:pypi/django@2.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 10 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 11 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10 |
|
| 2 |
| url |
pkg:pypi/django@2.1.5 |
| purl |
pkg:pypi/django@2.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 4 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 8 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 9 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 10 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 11 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 14 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 15 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 18 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 19 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 20 |
| vulnerability |
VCID-wj2g-v6dz-2yeq |
|
| 21 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 22 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 23 |
| vulnerability |
VCID-yc5g-k96t-qub7 |
|
| 24 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 25 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5 |
|
|
| aliases |
CVE-2019-3498, GHSA-337x-4q8g-prc5, PYSEC-2019-17
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wsx7-6bfa-pugr |
|
| 26 |
| url |
VCID-wv4b-pjet-r7d1 |
| vulnerability_id |
VCID-wv4b-pjet-r7d1 |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 10 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 6 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 7 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 8 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 9 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 10 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 11 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 12 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 13 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 14 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 15 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 16 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 17 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 18 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 19 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 20 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 21 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 22 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 23 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 24 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 25 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 26 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 27 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 28 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 29 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 30 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
PYSEC-2019-83
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wv4b-pjet-r7d1 |
|
| 27 |
| url |
VCID-x2hp-rmcn-gbah |
| vulnerability_id |
VCID-x2hp-rmcn-gbah |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 45 |
| reference_url |
https://security.gentoo.org/glsa/202004-17 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://security.gentoo.org/glsa/202004-17 |
|
| 46 |
|
| 47 |
|
| 48 |
| reference_url |
https://www.debian.org/security/2019/dsa-4498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://www.debian.org/security/2019/dsa-4498 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 7 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 8 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 9 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 10 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 3 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 4 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 5 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 6 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 7 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 8 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 9 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 10 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 6 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 7 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 8 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 9 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 10 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 11 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 12 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 13 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 14 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 15 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 16 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 17 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 18 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 19 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 20 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 21 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 22 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 23 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 24 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 25 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 26 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 27 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 28 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 29 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 30 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
CVE-2019-14232, GHSA-c4qh-4vgv-qc6g, PYSEC-2019-11
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x2hp-rmcn-gbah |
|
| 28 |
| url |
VCID-yc5g-k96t-qub7 |
| vulnerability_id |
VCID-yc5g-k96t-qub7 |
| summary |
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@2.1.7 |
| purl |
pkg:pypi/django@2.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-795n-caf2-fbcq |
|
| 4 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-bxu2-wqcg-1ueh |
|
| 8 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 9 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 10 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 11 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 12 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 13 |
| vulnerability |
VCID-k3fv-7e29-bfep |
|
| 14 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 15 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 16 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 17 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 18 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 19 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 20 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 21 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 22 |
| vulnerability |
VCID-yh41-twy2-c7c5 |
|
| 23 |
| vulnerability |
VCID-ypwa-2rh9-gyex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.7 |
|
|
| aliases |
PYSEC-2019-88
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yc5g-k96t-qub7 |
|
| 29 |
| url |
VCID-yh41-twy2-c7c5 |
| vulnerability_id |
VCID-yh41-twy2-c7c5 |
| summary |
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.22 |
| purl |
pkg:pypi/django@1.11.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 8 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 9 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 10 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 11 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 12 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 13 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 14 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 15 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 16 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 17 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 18 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22 |
|
| 1 |
| url |
pkg:pypi/django@2.1.10 |
| purl |
pkg:pypi/django@2.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 7 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 8 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 9 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 10 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 11 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 12 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 13 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 14 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 15 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 16 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 17 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 18 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10 |
|
| 2 |
| url |
pkg:pypi/django@2.2.3 |
| purl |
pkg:pypi/django@2.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 6 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 7 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 8 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 9 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 10 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 11 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 12 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 13 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 14 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 15 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 16 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 17 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 18 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 19 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 20 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 21 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 22 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 23 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 24 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 25 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 26 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 27 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 28 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 29 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 30 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 31 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 32 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 33 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 34 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 35 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 36 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 37 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 38 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3 |
|
|
| aliases |
PYSEC-2019-80
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yh41-twy2-c7c5 |
|
| 30 |
| url |
VCID-ypwa-2rh9-gyex |
| vulnerability_id |
VCID-ypwa-2rh9-gyex |
| summary |
silent downgrade |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/advisories/GHSA-6c7v-2f49-8h26 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-6c7v-2f49-8h26 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://seclists.org/bugtraq/2019/Jul/10 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Jul/10 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4043-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4043-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.22 |
| purl |
pkg:pypi/django@1.11.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 2 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 5 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 6 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 7 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 8 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 9 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 10 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 11 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 12 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 13 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 14 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 15 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 16 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 17 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 18 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22 |
|
| 1 |
| url |
pkg:pypi/django@2.1.10 |
| purl |
pkg:pypi/django@2.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 2 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 3 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 4 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 5 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 6 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 7 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 8 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 9 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 10 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 11 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 12 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 13 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 14 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 15 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 16 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 17 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 18 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10 |
|
| 2 |
| url |
pkg:pypi/django@2.2.3 |
| purl |
pkg:pypi/django@2.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2bh9-k4at-r7hz |
|
| 1 |
| vulnerability |
VCID-2f2p-wfbs-73hz |
|
| 2 |
| vulnerability |
VCID-3gvv-5jbs-cfc1 |
|
| 3 |
| vulnerability |
VCID-3wbe-pfau-9uhb |
|
| 4 |
| vulnerability |
VCID-5a2y-2m62-1qfa |
|
| 5 |
| vulnerability |
VCID-6s18-ssym-1bd6 |
|
| 6 |
| vulnerability |
VCID-7b47-vsfh-y3gh |
|
| 7 |
| vulnerability |
VCID-81q1-gytk-2uaq |
|
| 8 |
| vulnerability |
VCID-9hp4-hn21-zkg8 |
|
| 9 |
| vulnerability |
VCID-9udu-eqvn-mqbj |
|
| 10 |
| vulnerability |
VCID-arff-yjfe-auhp |
|
| 11 |
| vulnerability |
VCID-ax42-esfz-vud2 |
|
| 12 |
| vulnerability |
VCID-ax7m-uv4s-zkc1 |
|
| 13 |
| vulnerability |
VCID-b81v-3drw-xudf |
|
| 14 |
| vulnerability |
VCID-bbxx-48nj-pqcd |
|
| 15 |
| vulnerability |
VCID-dcv2-gx5a-pfe2 |
|
| 16 |
| vulnerability |
VCID-dqkn-1888-y3er |
|
| 17 |
| vulnerability |
VCID-evu1-efcj-gfc5 |
|
| 18 |
| vulnerability |
VCID-fbee-vj2y-cfeb |
|
| 19 |
| vulnerability |
VCID-fc6y-y2b1-v3d5 |
|
| 20 |
| vulnerability |
VCID-fynq-usj6-rfd3 |
|
| 21 |
| vulnerability |
VCID-gxju-xjh2-z7bn |
|
| 22 |
| vulnerability |
VCID-had1-mb3z-23dy |
|
| 23 |
| vulnerability |
VCID-hzcv-euwq-eqeg |
|
| 24 |
| vulnerability |
VCID-jzbk-uswz-8ucg |
|
| 25 |
| vulnerability |
VCID-n9cz-g44c-4fht |
|
| 26 |
| vulnerability |
VCID-nxbs-37dx-rbbh |
|
| 27 |
| vulnerability |
VCID-phrd-92uj-sygr |
|
| 28 |
| vulnerability |
VCID-punr-dfy5-v3g1 |
|
| 29 |
| vulnerability |
VCID-qg2s-fuw3-nbda |
|
| 30 |
| vulnerability |
VCID-u15a-4ste-43cy |
|
| 31 |
| vulnerability |
VCID-u53d-8afk-c3gq |
|
| 32 |
| vulnerability |
VCID-v8hg-78p1-87bh |
|
| 33 |
| vulnerability |
VCID-vr6h-ymzh-1kb2 |
|
| 34 |
| vulnerability |
VCID-vyzr-dkz3-vfg6 |
|
| 35 |
| vulnerability |
VCID-wv4b-pjet-r7d1 |
|
| 36 |
| vulnerability |
VCID-x2hp-rmcn-gbah |
|
| 37 |
| vulnerability |
VCID-xb3c-6rew-z3ba |
|
| 38 |
| vulnerability |
VCID-xu9t-qtjz-bud8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3 |
|
|
| aliases |
CVE-2019-12781, GHSA-6c7v-2f49-8h26, PYSEC-2019-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ypwa-2rh9-gyex |
|