| purl | pkg:deb/debian/python-django@1.5.2-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-gwme-keqv-kkgr | The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme. | CVE-2013-6044, GHSA-9cwg-mhxf-hh59, PYSEC-2013-21 |
| VCID-hk24-1yzs-ybhu | Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField. | CVE-2013-4249, GHSA-4894-5vqc-6r2r, PYSEC-2013-19 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T10:53:20.154928+00:00 | Debian Importer | Fixing | VCID-gwme-keqv-kkgr | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:49:08.350606+00:00 | Debian Importer | Fixing | VCID-hk24-1yzs-ybhu | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-12T18:15:30.868349+00:00 | Debian Importer | Fixing | VCID-gwme-keqv-kkgr | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-12T18:15:30.754867+00:00 | Debian Importer | Fixing | VCID-hk24-1yzs-ybhu | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:50:40.414274+00:00 | Debian Importer | Fixing | VCID-gwme-keqv-kkgr | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:50:40.324938+00:00 | Debian Importer | Fixing | VCID-hk24-1yzs-ybhu | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |