Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:alpm/archlinux/python-django@1.10.3-2
purl pkg:alpm/archlinux/python-django@1.10.3-2
Next non-vulnerable version 1.11-1
Latest non-vulnerable version 5.1.11-1
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-bdms-nb18-guf9
Aliases:
CVE-2017-7233
GHSA-37hp-765x-j95x
PYSEC-2017-9
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
1.11-1
Affected by 0 other vulnerabilities.
VCID-k25u-g17y-hyfh
Aliases:
CVE-2017-7234
GHSA-h4hv-m4h4-mhwg
PYSEC-2017-10
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
1.11-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T18:27:12.458702+00:00 Arch Linux Importer Affected by VCID-bdms-nb18-guf9 https://security.archlinux.org/AVG-233 38.0.0
2026-04-01T18:27:12.433555+00:00 Arch Linux Importer Affected by VCID-k25u-g17y-hyfh https://security.archlinux.org/AVG-233 38.0.0