Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-django@0.96.2-1?distro=trixie

Type deb

Namespace debian

Name python-django

Version 0.96.2-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.0-1

Latest_non_vulnerable_version 3:4.2.30-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-v466-zd6u-dqce

vulnerability_id VCID-v466-zd6u-dqce

summary Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2302.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2302.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-2302

reference_id

reference_type

scores

value	0.00441
scoring_system	epss
scoring_elements	0.63206
published_at	2026-04-04T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63171
published_at	2026-04-07T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63176
published_at	2026-04-02T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63229
published_at	2026-04-21T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.6325
published_at	2026-04-18T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63207
published_at	2026-04-13T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63116
published_at	2026-04-01T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63243
published_at	2026-04-16T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63259
published_at	2026-04-11T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63241
published_at	2026-04-09T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63223
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-2302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302

reference_url	http://secunia.com/advisories/30250
reference_id
reference_type
scores
url	http://secunia.com/advisories/30250

reference_url	http://secunia.com/advisories/30291
reference_id
reference_type
scores
url	http://secunia.com/advisories/30291

reference_url	http://securitytracker.com/id?1020028
reference_id
reference_type
scores
url	http://securitytracker.com/id?1020028

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/42396

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/42396

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5

reference_url

https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2

reference_url

https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml

reference_url

https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291

reference_url

https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250

reference_url

https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028

reference_url

https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209

reference_url

http://www.djangoproject.com/weblog/2008/may/14/security

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.djangoproject.com/weblog/2008/may/14/security

reference_url	http://www.djangoproject.com/weblog/2008/may/14/security/
reference_id
reference_type
scores
url	http://www.djangoproject.com/weblog/2008/may/14/security/

reference_url	http://www.securityfocus.com/bid/29209
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/29209

reference_url	http://www.vupen.com/english/advisories/2008/1618
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/1618

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=446402
reference_id	446402
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=446402

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481164
reference_id	481164
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481164

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-2302

reference_id

CVE-2008-2302

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-2302

reference_url

https://github.com/advisories/GHSA-54qj-48vx-cr9f

reference_id

GHSA-54qj-48vx-cr9f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-54qj-48vx-cr9f

fixed_packages

url	pkg:deb/debian/python-django@0.96.2-1?distro=trixie
purl	pkg:deb/debian/python-django@0.96.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0.96.2-1%3Fdistro=trixie

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

aliases CVE-2008-2302, GHSA-54qj-48vx-cr9f, PYSEC-2008-1

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v466-zd6u-dqce

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0.96.2-1%3Fdistro=trixie

Package Instance