VulnerableCode Package Details - pkg:deb/debian/python-django@1.4.4-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8yfq-hpqh-zqcp	XML External Entity (XXE) in Django The XML libraries for Python as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.	CVE-2013-1665 GHSA-x64m-686f-fmm3
VCID-cnnp-j1tv-7uhu	The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.	CVE-2013-0306 GHSA-g8xg-jgj6-49r3 PYSEC-2013-17
VCID-t3um-xpzf-23eg	The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.	CVE-2013-0305 GHSA-r7w6-p47g-vj53 PYSEC-2013-16

Vulnerability

Summary

Aliases

VCID-8yfq-hpqh-zqcp

XML External Entity (XXE) in Django The XML libraries for Python as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

CVE-2013-1665
GHSA-x64m-686f-fmm3

VCID-cnnp-j1tv-7uhu

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

CVE-2013-0306
GHSA-g8xg-jgj6-49r3
PYSEC-2013-17

VCID-t3um-xpzf-23eg

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

CVE-2013-0305
GHSA-r7w6-p47g-vj53
PYSEC-2013-16

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:51:21.208952+00:00	Debian Importer	Fixing	VCID-cnnp-j1tv-7uhu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:07:54.144141+00:00	Debian Importer	Fixing	VCID-t3um-xpzf-23eg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:38:34.534649+00:00	Debian Importer	Fixing	VCID-8yfq-hpqh-zqcp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:15:30.698282+00:00	Debian Importer	Fixing	VCID-8yfq-hpqh-zqcp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T18:15:30.601475+00:00	Debian Importer	Fixing	VCID-cnnp-j1tv-7uhu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T18:15:30.553018+00:00	Debian Importer	Fixing	VCID-t3um-xpzf-23eg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:40.283478+00:00	Debian Importer	Fixing	VCID-8yfq-hpqh-zqcp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:40.188357+00:00	Debian Importer	Fixing	VCID-cnnp-j1tv-7uhu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:40.139790+00:00	Debian Importer	Fixing	VCID-t3um-xpzf-23eg	https://security-tracker.debian.org/tracker/data/json	38.1.0