Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/djangorestframework@3.9.0-1%2Bdeb10u1
purl pkg:deb/debian/djangorestframework@3.9.0-1%2Bdeb10u1
Next non-vulnerable version 3.16.0-1
Latest non-vulnerable version 3.16.0-1
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-9h2z-u4vm-2kdk
Aliases:
CVE-2018-25045
GHSA-xqcf-hj92-967m
Django REST framework XSS Vulnerability Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.
3.12.1-1
Affected by 1 other vulnerability.
VCID-az5u-1a5w-9ffa
Aliases:
CVE-2020-25626
GHSA-fx83-3ph3-9j2q
PYSEC-2020-263
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
3.12.1-1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-9h2z-u4vm-2kdk Django REST framework XSS Vulnerability Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping. CVE-2018-25045
GHSA-xqcf-hj92-967m
VCID-az5u-1a5w-9ffa A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. CVE-2020-25626
GHSA-fx83-3ph3-9j2q
PYSEC-2020-263

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T00:39:45.914502+00:00 Debian Oval Importer Affected by VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:52:17.892179+00:00 Debian Oval Importer Affected by VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T14:55:05.916715+00:00 Debian Oval Importer Fixing VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.4.0
2026-04-15T14:53:20.330462+00:00 Debian Oval Importer Fixing VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.4.0
2026-04-12T00:12:39.169887+00:00 Debian Oval Importer Affected by VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:36:47.566208+00:00 Debian Oval Importer Affected by VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T14:43:21.695882+00:00 Debian Oval Importer Fixing VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.3.0
2026-04-11T14:41:34.784375+00:00 Debian Oval Importer Fixing VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.3.0
2026-04-08T23:43:41.375973+00:00 Debian Oval Importer Affected by VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:21:53.758116+00:00 Debian Oval Importer Affected by VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T23:16:16.157384+00:00 Debian Oval Importer Fixing VCID-9h2z-u4vm-2kdk https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.1.0
2026-04-07T23:14:34.000937+00:00 Debian Oval Importer Fixing VCID-az5u-1a5w-9ffa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.1.0