VulnerableCode Package Details - pkg:deb/debian/python-django@1.6.3-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2m9f-3cgw-ekdr	The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.	CVE-2014-0473 GHSA-89hj-xfx5-7q66 PYSEC-2014-2
VCID-qzba-9xmg-3qer	The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."	CVE-2014-0472 GHSA-rvq6-mrpv-m6rm PYSEC-2014-1
VCID-yemh-qd63-wuca	The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."	CVE-2014-0474 GHSA-wqjj-hx84-v449 PYSEC-2014-3

Vulnerability

Summary

Aliases

VCID-2m9f-3cgw-ekdr

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.

CVE-2014-0473
GHSA-89hj-xfx5-7q66
PYSEC-2014-2

VCID-qzba-9xmg-3qer

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."

CVE-2014-0472
GHSA-rvq6-mrpv-m6rm
PYSEC-2014-1

VCID-yemh-qd63-wuca

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."

CVE-2014-0474
GHSA-wqjj-hx84-v449
PYSEC-2014-3

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:14:40.505845+00:00	Debian Importer	Fixing	VCID-qzba-9xmg-3qer	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:59:55.269640+00:00	Debian Importer	Fixing	VCID-yemh-qd63-wuca	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:58:34.051575+00:00	Debian Importer	Fixing	VCID-2m9f-3cgw-ekdr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:15:30.915501+00:00	Debian Importer	Fixing	VCID-qzba-9xmg-3qer	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:02:03.088042+00:00	Debian Importer	Fixing	VCID-yemh-qd63-wuca	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:01:14.351614+00:00	Debian Importer	Fixing	VCID-2m9f-3cgw-ekdr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:40.538058+00:00	Debian Importer	Fixing	VCID-yemh-qd63-wuca	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:40.496597+00:00	Debian Importer	Fixing	VCID-2m9f-3cgw-ekdr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:40.455947+00:00	Debian Importer	Fixing	VCID-qzba-9xmg-3qer	https://security-tracker.debian.org/tracker/data/json	38.1.0