VulnerableCode Package Details - pkg:alpm/archlinux/python-django@3.2-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/python-django@3.2-1

Essentials
History (2)

purl	pkg:alpm/archlinux/python-django@3.2-1

Next non-vulnerable version	3.2.2-1
Latest non-vulnerable version	5.1.11-1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-kypj-ptb9-8qhz Aliases: BIT-django-2021-31542 CVE-2021-31542 GHSA-rxjp-mfm9-w4wr PYSEC-2021-7	In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.	3.2.1-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-u7m5-tzv2-c7hn	In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.	BIT-django-2021-28658 CVE-2021-28658 GHSA-xgxc-v2qg-chmh PYSEC-2021-6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:27:18.672277+00:00	Arch Linux Importer	Fixing	VCID-u7m5-tzv2-c7hn	https://security.archlinux.org/AVG-1776	38.0.0
2026-04-01T18:27:18.449903+00:00	Arch Linux Importer	Affected by	VCID-kypj-ptb9-8qhz	https://security.archlinux.org/AVG-1910	38.0.0