Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/djangorestframework@2.4.3-2
purl pkg:deb/debian/djangorestframework@2.4.3-2
Next non-vulnerable version 3.16.0-1
Latest non-vulnerable version 3.16.0-1
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-9h2z-u4vm-2kdk
Aliases:
CVE-2018-25045
GHSA-xqcf-hj92-967m
Django REST framework XSS Vulnerability Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.
3.9.0-1+deb10u1
Affected by 2 other vulnerabilities.
3.12.1-1
Affected by 1 other vulnerability.
VCID-az5u-1a5w-9ffa
Aliases:
CVE-2020-25626
GHSA-fx83-3ph3-9j2q
PYSEC-2020-263
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
3.9.0-1+deb10u1
Affected by 2 other vulnerabilities.
3.12.1-1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T00:39:45.906859+00:00 Debian Oval Importer Affected by VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:52:17.884078+00:00 Debian Oval Importer Affected by VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T14:55:05.910074+00:00 Debian Oval Importer Affected by VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.4.0
2026-04-15T14:53:20.323566+00:00 Debian Oval Importer Affected by VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.4.0
2026-04-12T00:12:39.162058+00:00 Debian Oval Importer Affected by VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:36:47.562069+00:00 Debian Oval Importer Affected by VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T14:43:21.687624+00:00 Debian Oval Importer Affected by VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.3.0
2026-04-11T14:41:34.776841+00:00 Debian Oval Importer Affected by VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.3.0
2026-04-08T23:43:41.368253+00:00 Debian Oval Importer Affected by VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:21:53.749992+00:00 Debian Oval Importer Affected by VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T23:16:16.139935+00:00 Debian Oval Importer Affected by VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.1.0
2026-04-07T23:14:33.990911+00:00 Debian Oval Importer Affected by VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.1.0