Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-django@2:2.2.21-1?distro=trixie

Type deb

Namespace debian

Name python-django

Version 2:2.2.21-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2:2.2.22-1

Latest_non_vulnerable_version 3:4.2.30-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-kypj-ptb9-8qhz

vulnerability_id VCID-kypj-ptb9-8qhz

summary In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31542.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31542.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31542

reference_id

reference_type

scores

value	0.06886
scoring_system	epss
scoring_elements	0.91403
published_at	2026-04-18T12:55:00Z

value	0.06886
scoring_system	epss
scoring_elements	0.91334
published_at	2026-04-02T12:55:00Z

value	0.06886
scoring_system	epss
scoring_elements	0.91378
published_at	2026-04-11T12:55:00Z

value	0.06886
scoring_system	epss
scoring_elements	0.91371
published_at	2026-04-09T12:55:00Z

value	0.06886
scoring_system	epss
scoring_elements	0.91364
published_at	2026-04-08T12:55:00Z

value	0.06886
scoring_system	epss
scoring_elements	0.91352
published_at	2026-04-07T12:55:00Z

value	0.06886
scoring_system	epss
scoring_elements	0.91344
published_at	2026-04-04T12:55:00Z

value	0.06886
scoring_system	epss
scoring_elements	0.9133
published_at	2026-04-01T12:55:00Z

value	0.06886
scoring_system	epss
scoring_elements	0.91405
published_at	2026-04-21T12:55:00Z

value	0.06886
scoring_system	epss
scoring_elements	0.9138
published_at	2026-04-13T12:55:00Z

value	0.06886
scoring_system	epss
scoring_elements	0.91381
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31542

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542

reference_url

https://docs.djangoproject.com/en/3.2/releases/security

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/3.2/releases/security

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-rxjp-mfm9-w4wr

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rxjp-mfm9-w4wr

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d

reference_url

https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48

reference_url

https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-7.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-7.yaml

reference_url

https://groups.google.com/forum/#%21forum/django-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#%21forum/django-announce

reference_url

https://groups.google.com/forum/#!forum/django-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/django-announce

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-31542

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-31542

reference_url

https://security.netapp.com/advisory/ntap-20210618-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210618-0001

reference_url

https://www.djangoproject.com/weblog/2021/may/04/security-releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2021/may/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2021/may/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/may/04/security-releases/

reference_url

http://www.openwall.com/lists/oss-security/2021/05/04/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/05/04/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1954294
reference_id	1954294
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1954294

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988053
reference_id	988053
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988053

reference_url

https://security.archlinux.org/AVG-1910

reference_id

AVG-1910

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1910

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://access.redhat.com/errata/RHSA-2021:4702
reference_id	RHSA-2021:4702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4702

reference_url	https://access.redhat.com/errata/RHSA-2021:5070
reference_id	RHSA-2021:5070
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5070

reference_url	https://usn.ubuntu.com/4932-1/
reference_id	USN-4932-1
reference_type
scores
url	https://usn.ubuntu.com/4932-1/

reference_url	https://usn.ubuntu.com/4932-2/
reference_id	USN-4932-2
reference_type
scores
url	https://usn.ubuntu.com/4932-2/

fixed_packages

url	pkg:deb/debian/python-django@2:2.2.21-1?distro=trixie
purl	pkg:deb/debian/python-django@2:2.2.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.21-1%3Fdistro=trixie

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl	pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

aliases BIT-django-2021-31542, CVE-2021-31542, GHSA-rxjp-mfm9-w4wr, PYSEC-2021-7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kypj-ptb9-8qhz

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.21-1%3Fdistro=trixie

Package Instance