Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-django@0?distro=trixie
Typedeb
Namespacedebian
Namepython-django
Version0
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version0.95.1-1
Latest_non_vulnerable_version3:4.2.30-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3sac-ah8j-pucd
vulnerability_id VCID-3sac-ah8j-pucd
summary 
Django SQL injection in HasKey(lhs, rhs) on Oracle
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53908
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.71753
published_at 2026-04-16T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.7171
published_at 2026-04-13T12:55:00Z
2
value 0.00687
scoring_system epss
scoring_elements 0.71745
published_at 2026-04-11T12:55:00Z
3
value 0.00687
scoring_system epss
scoring_elements 0.71697
published_at 2026-04-04T12:55:00Z
4
value 0.00687
scoring_system epss
scoring_elements 0.7167
published_at 2026-04-07T12:55:00Z
5
value 0.00687
scoring_system epss
scoring_elements 0.71709
published_at 2026-04-08T12:55:00Z
6
value 0.00687
scoring_system epss
scoring_elements 0.7172
published_at 2026-04-09T12:55:00Z
7
value 0.00687
scoring_system epss
scoring_elements 0.71728
published_at 2026-04-12T12:55:00Z
8
value 0.00687
scoring_system epss
scoring_elements 0.71679
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53908
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml
7
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/
url https://groups.google.com/g/django-announce
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53908
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53908
9
reference_url https://www.djangoproject.com/weblog/2024/dec/04/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/dec/04/security-releases
10
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/
url https://www.openwall.com/lists/oss-security/2024/12/04/3
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2329287
reference_id 2329287
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2329287
12
reference_url https://github.com/advisories/GHSA-m9g8-fxxm-xg86
reference_id GHSA-m9g8-fxxm-xg86
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9g8-fxxm-xg86
13
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
14
reference_url https://access.redhat.com/errata/RHSA-2024:11144
reference_id RHSA-2024:11144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11144
15
reference_url https://access.redhat.com/errata/RHSA-2024:11146
reference_id RHSA-2024:11146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11146
16
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
17
reference_url https://access.redhat.com/errata/RHSA-2025:0721
reference_id RHSA-2025:0721
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0721
18
reference_url https://usn.ubuntu.com/7136-1/
reference_id USN-7136-1
reference_type
scores
url https://usn.ubuntu.com/7136-1/
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.17-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.17-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.17-1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
6
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases BIT-django-2024-53908, CVE-2024-53908, GHSA-m9g8-fxxm-xg86, PYSEC-2024-157
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sac-ah8j-pucd
1
url VCID-6hfy-2gcp-1uh4
vulnerability_id VCID-6hfy-2gcp-1uh4
summary An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16984.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16984.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16984
reference_id
reference_type
scores
0
value 0.00721
scoring_system epss
scoring_elements 0.72432
published_at 2026-04-07T12:55:00Z
1
value 0.00721
scoring_system epss
scoring_elements 0.7252
published_at 2026-04-16T12:55:00Z
2
value 0.00721
scoring_system epss
scoring_elements 0.72478
published_at 2026-04-13T12:55:00Z
3
value 0.00721
scoring_system epss
scoring_elements 0.72488
published_at 2026-04-12T12:55:00Z
4
value 0.00721
scoring_system epss
scoring_elements 0.72506
published_at 2026-04-11T12:55:00Z
5
value 0.00721
scoring_system epss
scoring_elements 0.72483
published_at 2026-04-09T12:55:00Z
6
value 0.00721
scoring_system epss
scoring_elements 0.7247
published_at 2026-04-08T12:55:00Z
7
value 0.00721
scoring_system epss
scoring_elements 0.72437
published_at 2026-04-02T12:55:00Z
8
value 0.00721
scoring_system epss
scoring_elements 0.72455
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16984
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/advisories/GHSA-6mx3-3vqg-hpp2
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6mx3-3vqg-hpp2
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/bf39978a53f117ca02e9a0c78b76664a41a54745
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/bf39978a53f117ca02e9a0c78b76664a41a54745
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-3.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-3.yaml
7
reference_url https://security.netapp.com/advisory/ntap-20190502-0009
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190502-0009
8
reference_url https://security.netapp.com/advisory/ntap-20190502-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190502-0009/
9
reference_url https://web.archive.org/web/20200517123022/http://www.securitytracker.com/id/1041749
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200517123022/http://www.securitytracker.com/id/1041749
10
reference_url https://www.djangoproject.com/weblog/2018/oct/01/security-release
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2018/oct/01/security-release
11
reference_url https://www.djangoproject.com/weblog/2018/oct/01/security-release/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/oct/01/security-release/
12
reference_url http://www.securitytracker.com/id/1041749
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041749
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1639398
reference_id 1639398
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1639398
14
reference_url https://security.archlinux.org/ASA-201810-5
reference_id ASA-201810-5
reference_type
scores
url https://security.archlinux.org/ASA-201810-5
15
reference_url https://security.archlinux.org/AVG-773
reference_id AVG-773
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-773
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16984
reference_id CVE-2018-16984
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16984
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases CVE-2018-16984, GHSA-6mx3-3vqg-hpp2, PYSEC-2018-3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hfy-2gcp-1uh4
2
url VCID-78r4-85ms-63hm
vulnerability_id VCID-78r4-85ms-63hm
summary An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46695.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46695.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46695
reference_id
reference_type
scores
0
value 0.03582
scoring_system epss
scoring_elements 0.87759
published_at 2026-04-16T12:55:00Z
1
value 0.03582
scoring_system epss
scoring_elements 0.87735
published_at 2026-04-08T12:55:00Z
2
value 0.03582
scoring_system epss
scoring_elements 0.87745
published_at 2026-04-13T12:55:00Z
3
value 0.03582
scoring_system epss
scoring_elements 0.87746
published_at 2026-04-12T12:55:00Z
4
value 0.03582
scoring_system epss
scoring_elements 0.87752
published_at 2026-04-11T12:55:00Z
5
value 0.03582
scoring_system epss
scoring_elements 0.87741
published_at 2026-04-09T12:55:00Z
6
value 0.03582
scoring_system epss
scoring_elements 0.87714
published_at 2026-04-07T12:55:00Z
7
value 0.03582
scoring_system epss
scoring_elements 0.87712
published_at 2026-04-04T12:55:00Z
8
value 0.03582
scoring_system epss
scoring_elements 0.877
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46695
2
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.2/releases/security
3
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f
7
reference_url https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e
8
reference_url https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml
10
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21forum/django-announce
11
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
12
reference_url https://security.netapp.com/advisory/ntap-20231214-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0001
13
reference_url https://www.djangoproject.com/weblog/2023/nov/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/nov/01/security-releases
14
reference_url https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2247097
reference_id 2247097
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2247097
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46695
reference_id CVE-2023-46695
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46695
17
reference_url https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
reference_id GHSA-qmf9-6jqf-j8fq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qmf9-6jqf-j8fq
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases BIT-django-2023-46695, CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78r4-85ms-63hm
3
url VCID-84mm-45p6-xkau
vulnerability_id VCID-84mm-45p6-xkau
summary 
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect`  were subject to a potential  denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64458
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05432
published_at 2026-04-13T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05452
published_at 2026-04-11T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05459
published_at 2026-04-08T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05424
published_at 2026-04-07T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05417
published_at 2026-04-04T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05438
published_at 2026-04-12T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.0548
published_at 2026-04-09T12:55:00Z
7
value 0.00024
scoring_system epss
scoring_elements 0.06443
published_at 2026-04-16T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07235
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64458
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242
5
reference_url https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac
6
reference_url https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f
7
reference_url https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/
url https://groups.google.com/g/django-announce
9
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2412649
reference_id 2412649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2412649
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64458
reference_id CVE-2025-64458
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64458
12
reference_url https://github.com/advisories/GHSA-qw25-v68c-qjf3
reference_id GHSA-qw25-v68c-qjf3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qw25-v68c-qjf3
13
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases CVE-2025-64458, GHSA-qw25-v68c-qjf3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84mm-45p6-xkau
4
url VCID-e9k9-1s9f-dbgv
vulnerability_id VCID-e9k9-1s9f-dbgv
summary 
Django has Inefficient Algorithmic Complexity
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.

`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.

Django would like to thank Jiyong Yang for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14550
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18717
published_at 2026-04-02T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18625
published_at 2026-04-11T12:55:00Z
2
value 0.00059
scoring_system epss
scoring_elements 0.18621
published_at 2026-04-09T12:55:00Z
3
value 0.00059
scoring_system epss
scoring_elements 0.18568
published_at 2026-04-08T12:55:00Z
4
value 0.00059
scoring_system epss
scoring_elements 0.18487
published_at 2026-04-07T12:55:00Z
5
value 0.00059
scoring_system epss
scoring_elements 0.18771
published_at 2026-04-04T12:55:00Z
6
value 0.00062
scoring_system epss
scoring_elements 0.19221
published_at 2026-04-16T12:55:00Z
7
value 0.00062
scoring_system epss
scoring_elements 0.19259
published_at 2026-04-13T12:55:00Z
8
value 0.00062
scoring_system epss
scoring_elements 0.19314
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14550
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb
6
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/
url https://groups.google.com/g/django-announce
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14550
8
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436341
reference_id 2436341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436341
11
reference_url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
reference_id GHSA-33mw-q7rj-mjwj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33mw-q7rj-mjwj
12
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
13
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
14
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
15
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
16
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
17
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.28-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-1%3Fdistro=trixie
6
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
7
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases CVE-2025-14550, GHSA-33mw-q7rj-mjwj
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9k9-1s9f-dbgv
5
url VCID-fw2d-s2rt-syfz
vulnerability_id VCID-fw2d-s2rt-syfz
summary Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
references
0
reference_url http://openwall.com/lists/oss-security/2011/02/09/6
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/02/09/6
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0698
reference_id
reference_type
scores
0
value 0.00719
scoring_system epss
scoring_elements 0.72499
published_at 2026-04-16T12:55:00Z
1
value 0.00719
scoring_system epss
scoring_elements 0.72458
published_at 2026-04-13T12:55:00Z
2
value 0.00719
scoring_system epss
scoring_elements 0.72467
published_at 2026-04-12T12:55:00Z
3
value 0.00719
scoring_system epss
scoring_elements 0.7245
published_at 2026-04-08T12:55:00Z
4
value 0.00719
scoring_system epss
scoring_elements 0.72411
published_at 2026-04-07T12:55:00Z
5
value 0.00719
scoring_system epss
scoring_elements 0.72416
published_at 2026-04-02T12:55:00Z
6
value 0.00719
scoring_system epss
scoring_elements 0.72485
published_at 2026-04-11T12:55:00Z
7
value 0.00719
scoring_system epss
scoring_elements 0.72462
published_at 2026-04-09T12:55:00Z
8
value 0.00719
scoring_system epss
scoring_elements 0.72434
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0698
2
reference_url http://secunia.com/advisories/43230
reference_id
reference_type
scores
url http://secunia.com/advisories/43230
3
reference_url https://github.com/advisories/GHSA-7g9h-c88w-r7h2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7g9h-c88w-r7h2
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/194566480b15cf4e294d3f03ff587019b74044b2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/194566480b15cf4e294d3f03ff587019b74044b2
6
reference_url https://github.com/django/django/commit/570a32a047ea56265646217264b0d3dab1a14dbd
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/570a32a047ea56265646217264b0d3dab1a14dbd
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-12.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-12.yaml
8
reference_url https://web.archive.org/web/20110521033259/http://secunia.com/advisories/43230
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20110521033259/http://secunia.com/advisories/43230
9
reference_url https://web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296
10
reference_url http://www.djangoproject.com/weblog/2011/feb/08/security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.djangoproject.com/weblog/2011/feb/08/security
11
reference_url http://www.djangoproject.com/weblog/2011/feb/08/security/
reference_id
reference_type
scores
url http://www.djangoproject.com/weblog/2011/feb/08/security/
12
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
13
reference_url http://www.securityfocus.com/bid/46296
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/46296
14
reference_url http://www.vupen.com/english/advisories/2011/0372
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0372
15
reference_url http://www.vupen.com/english/advisories/2011/0439
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0439
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0698
reference_id CVE-2011-0698
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0698
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases CVE-2011-0698, GHSA-7g9h-c88w-r7h2, PYSEC-2011-12
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fw2d-s2rt-syfz
6
url VCID-gan1-9gwu-63d2
vulnerability_id VCID-gan1-9gwu-63d2
summary Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35042.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35042.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-35042
reference_id
reference_type
scores
0
value 0.89973
scoring_system epss
scoring_elements 0.99577
published_at 2026-04-04T12:55:00Z
1
value 0.89973
scoring_system epss
scoring_elements 0.99576
published_at 2026-04-02T12:55:00Z
2
value 0.89973
scoring_system epss
scoring_elements 0.9958
published_at 2026-04-16T12:55:00Z
3
value 0.89973
scoring_system epss
scoring_elements 0.99579
published_at 2026-04-13T12:55:00Z
4
value 0.89973
scoring_system epss
scoring_elements 0.99578
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-35042
2
reference_url https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.2/releases/security
3
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
4
reference_url https://github.com/advisories/GHSA-xpfp-f569-q3p2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xpfp-f569-q3p2
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/0bd57a879a0d54920bb9038a732645fb917040e9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/0bd57a879a0d54920bb9038a732645fb917040e9
7
reference_url https://github.com/django/django/commit/a34a5f724c5d5adb2109374ba3989ebb7b11f81f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a34a5f724c5d5adb2109374ba3989ebb7b11f81f
8
reference_url https://github.com/django/django/commit/dae83a24519d6f284c74414e0b81d64d9b5a0db4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/dae83a24519d6f284c74414e0b81d64d9b5a0db4
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-109.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-109.yaml
10
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y
12
reference_url https://security.netapp.com/advisory/ntap-20210805-0008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210805-0008
13
reference_url https://www.djangoproject.com/weblog/2021/jul/01/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2021/jul/01/security-releases
14
reference_url https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
15
reference_url https://www.openwall.com/lists/oss-security/2021/07/02/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2021/07/02/2
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1975918
reference_id 1975918
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1975918
17
reference_url https://security.archlinux.org/ASA-202107-11
reference_id ASA-202107-11
reference_type
scores
url https://security.archlinux.org/ASA-202107-11
18
reference_url https://security.archlinux.org/AVG-2123
reference_id AVG-2123
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2123
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-35042
reference_id CVE-2021-35042
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-35042
20
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases BIT-django-2021-35042, CVE-2021-35042, GHSA-xpfp-f569-q3p2, PYSEC-2021-109
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gan1-9gwu-63d2
7
url VCID-khxh-hjmn-fbdq
vulnerability_id VCID-khxh-hjmn-fbdq
summary The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3982.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3982.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3982
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.4522
published_at 2026-04-02T12:55:00Z
1
value 0.00225
scoring_system epss
scoring_elements 0.45184
published_at 2026-04-07T12:55:00Z
2
value 0.00225
scoring_system epss
scoring_elements 0.45242
published_at 2026-04-04T12:55:00Z
3
value 0.00225
scoring_system epss
scoring_elements 0.45139
published_at 2026-04-01T12:55:00Z
4
value 0.00225
scoring_system epss
scoring_elements 0.45281
published_at 2026-04-16T12:55:00Z
5
value 0.00225
scoring_system epss
scoring_elements 0.4523
published_at 2026-04-13T12:55:00Z
6
value 0.00225
scoring_system epss
scoring_elements 0.45229
published_at 2026-04-12T12:55:00Z
7
value 0.00225
scoring_system epss
scoring_elements 0.45261
published_at 2026-04-11T12:55:00Z
8
value 0.00225
scoring_system epss
scoring_elements 0.45239
published_at 2026-04-09T12:55:00Z
9
value 0.00225
scoring_system epss
scoring_elements 0.4524
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3982
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/31cb25adecba930bdeee4556709f5a1c42d88fd6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/31cb25adecba930bdeee4556709f5a1c42d88fd6
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-19.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-19.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3982
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3982
6
reference_url https://web.archive.org/web/20200228092138/http://www.securityfocus.com/bid/74960
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228092138/http://www.securityfocus.com/bid/74960
7
reference_url https://www.djangoproject.com/weblog/2015/may/20/security-release
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2015/may/20/security-release
8
reference_url https://www.djangoproject.com/weblog/2015/may/20/security-release/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/may/20/security-release/
9
reference_url http://www.securityfocus.com/bid/74960
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/74960
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1221526
reference_id 1221526
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1221526
11
reference_url https://github.com/advisories/GHSA-6wgp-fwfm-mxp3
reference_id GHSA-6wgp-fwfm-mxp3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6wgp-fwfm-mxp3
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases CVE-2015-3982, GHSA-6wgp-fwfm-mxp3, PYSEC-2015-19
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khxh-hjmn-fbdq
8
url VCID-nda7-9219-6kce
vulnerability_id VCID-nda7-9219-6kce
summary 
Django vulnerable to Uncontrolled Resource Consumption
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.

`URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial of service via large URL inputs containing these characters.

Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25673.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25673.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25673
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43562
published_at 2026-04-02T12:55:00Z
1
value 0.00229
scoring_system epss
scoring_elements 0.45804
published_at 2026-04-16T12:55:00Z
2
value 0.00229
scoring_system epss
scoring_elements 0.45754
published_at 2026-04-13T12:55:00Z
3
value 0.00229
scoring_system epss
scoring_elements 0.45745
published_at 2026-04-12T12:55:00Z
4
value 0.00229
scoring_system epss
scoring_elements 0.45775
published_at 2026-04-11T12:55:00Z
5
value 0.00229
scoring_system epss
scoring_elements 0.45753
published_at 2026-04-09T12:55:00Z
6
value 0.00229
scoring_system epss
scoring_elements 0.45757
published_at 2026-04-08T12:55:00Z
7
value 0.00229
scoring_system epss
scoring_elements 0.457
published_at 2026-04-07T12:55:00Z
8
value 0.00229
scoring_system epss
scoring_elements 0.45751
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25673
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:25:53Z/
url https://groups.google.com/g/django-announce
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25673
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25673
7
reference_url https://www.djangoproject.com/weblog/2026/mar/03/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/mar/03/security-releases
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2444115
reference_id 2444115
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2444115
9
reference_url https://github.com/advisories/GHSA-8p8v-wh79-9r56
reference_id GHSA-8p8v-wh79-9r56
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8p8v-wh79-9r56
10
reference_url https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
reference_id security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:25:53Z/
url https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases CVE-2026-25673, GHSA-8p8v-wh79-9r56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nda7-9219-6kce
9
url VCID-p9fd-1qx2-8ubc
vulnerability_id VCID-p9fd-1qx2-8ubc
summary An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27556.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27556.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27556
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.38111
published_at 2026-04-16T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.38066
published_at 2026-04-13T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.3809
published_at 2026-04-12T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.38126
published_at 2026-04-11T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.381
published_at 2026-04-08T12:55:00Z
5
value 0.00169
scoring_system epss
scoring_elements 0.3805
published_at 2026-04-07T12:55:00Z
6
value 0.00169
scoring_system epss
scoring_elements 0.3818
published_at 2026-04-04T12:55:00Z
7
value 0.00169
scoring_system epss
scoring_elements 0.38157
published_at 2026-04-02T12:55:00Z
8
value 0.00169
scoring_system epss
scoring_elements 0.38108
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27556
2
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
3
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T13:21:14Z/
url https://docs.djangoproject.com/en/dev/releases/security/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
6
reference_url https://github.com/django/django/commit/2cb311f7b069723027fb5def4044d1816d7d2afd
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/2cb311f7b069723027fb5def4044d1816d7d2afd
7
reference_url https://github.com/django/django/commit/39e2297210d9d2938c75fc911d45f0e863dc4821
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/39e2297210d9d2938c75fc911d45f0e863dc4821
8
reference_url https://github.com/django/django/commit/8c6871b097b6c49d2a782c0d80d908bcbe2116f1
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/8c6871b097b6c49d2a782c0d80d908bcbe2116f1
9
reference_url https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-14.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-14.yaml
11
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T13:21:14Z/
url https://groups.google.com/g/django-announce
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27556
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27556
13
reference_url https://www.djangoproject.com/weblog/2025/apr/02/security-releases
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/apr/02/security-releases
14
reference_url https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-02T13:21:14Z/
url https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
15
reference_url http://www.openwall.com/lists/oss-security/2025/04/02/2
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/04/02/2
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2356899
reference_id 2356899
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2356899
17
reference_url https://github.com/advisories/GHSA-wqfg-m96j-85vm
reference_id GHSA-wqfg-m96j-85vm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wqfg-m96j-85vm
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases BIT-django-2025-27556, CVE-2025-27556, GHSA-wqfg-m96j-85vm, PYSEC-2025-14
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9fd-1qx2-8ubc
10
url VCID-t8d7-68j2-suet
vulnerability_id VCID-t8d7-68j2-suet
summary validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5145.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5145.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5145
reference_id
reference_type
scores
0
value 0.00787
scoring_system epss
scoring_elements 0.73791
published_at 2026-04-02T12:55:00Z
1
value 0.00787
scoring_system epss
scoring_elements 0.73784
published_at 2026-04-07T12:55:00Z
2
value 0.00787
scoring_system epss
scoring_elements 0.73814
published_at 2026-04-04T12:55:00Z
3
value 0.00787
scoring_system epss
scoring_elements 0.73781
published_at 2026-04-01T12:55:00Z
4
value 0.00787
scoring_system epss
scoring_elements 0.7387
published_at 2026-04-16T12:55:00Z
5
value 0.00787
scoring_system epss
scoring_elements 0.73828
published_at 2026-04-13T12:55:00Z
6
value 0.00787
scoring_system epss
scoring_elements 0.73836
published_at 2026-04-12T12:55:00Z
7
value 0.00787
scoring_system epss
scoring_elements 0.73854
published_at 2026-04-11T12:55:00Z
8
value 0.00787
scoring_system epss
scoring_elements 0.73832
published_at 2026-04-09T12:55:00Z
9
value 0.00787
scoring_system epss
scoring_elements 0.73819
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5145
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
3
reference_url https://github.com/django/django/blob/4555a823fd57e261e1b19c778429473256c8ea08/docs/releases/1.8.3.txt#L63-L68
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/blob/4555a823fd57e261e1b19c778429473256c8ea08/docs/releases/1.8.3.txt#L63-L68
4
reference_url https://github.com/django/django/commit/8f9a4d3a2bc42f14bb437defd30c7315adbff22c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/8f9a4d3a2bc42f14bb437defd30c7315adbff22c
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-21.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-21.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5145
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5145
7
reference_url https://security.gentoo.org/glsa/201510-06
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201510-06
8
reference_url https://web.archive.org/web/20150924150801/http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150924150801/http://www.securitytracker.com/id/1032820
9
reference_url https://web.archive.org/web/20170526042302/http://www.securityfocus.com/bid/75691
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170526042302/http://www.securityfocus.com/bid/75691
10
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases
11
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
12
reference_url http://www.securityfocus.com/bid/75691
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/75691
13
reference_url http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1032820
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1240526
reference_id 1240526
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1240526
15
reference_url https://github.com/advisories/GHSA-cqf7-ff9h-7967
reference_id GHSA-cqf7-ff9h-7967
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cqf7-ff9h-7967
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases CVE-2015-5145, GHSA-cqf7-ff9h-7967, PYSEC-2015-21
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8d7-68j2-suet
11
url VCID-vwt9-q3dt-vbfg
vulnerability_id VCID-vwt9-q3dt-vbfg
summary 
Django is vulnerable to SQL injection in column aliases
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13372.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13372.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13372
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01173
published_at 2026-04-16T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01184
published_at 2026-04-13T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01181
published_at 2026-04-12T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01188
published_at 2026-04-11T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01201
published_at 2026-04-08T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01194
published_at 2026-04-07T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01182
published_at 2026-04-04T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01203
published_at 2026-04-09T12:55:00Z
8
value 9e-05
scoring_system epss
scoring_elements 0.00835
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13372
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
29
reference_url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
30
reference_url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
31
reference_url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
32
reference_url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
33
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:43:29Z/
url https://groups.google.com/g/django-announce
34
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
35
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788
reference_id 1121788
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418372
reference_id 2418372
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418372
37
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
reference_id CVE-2025-13372
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
38
reference_url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
reference_id GHSA-rqw2-ghq9-44m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
39
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id security-releases
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:43:29Z/
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
40
reference_url https://usn.ubuntu.com/7903-1/
reference_id USN-7903-1
reference_type
scores
url https://usn.ubuntu.com/7903-1/
fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.27-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.27-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.27-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.27-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.27-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.27-1%3Fdistro=trixie
6
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
7
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
8
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
aliases CVE-2025-13372, GHSA-rqw2-ghq9-44m7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwt9-q3dt-vbfg
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie