Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/python-django@1.9.4-1?distro=trixie
purl pkg:deb/debian/python-django@1.9.4-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-325d-7dfk-sqd2 The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. CVE-2016-2513
GHSA-fp6p-5xvw-m74f
PYSEC-2016-16
VCID-ukxp-wqpr-t3by The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. CVE-2016-2512
GHSA-pw27-w7w4-9qc7
PYSEC-2016-15

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T09:29:06.248172+00:00 Debian Importer Fixing VCID-325d-7dfk-sqd2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:39:34.761935+00:00 Debian Importer Fixing VCID-ukxp-wqpr-t3by https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-11T18:19:30.455683+00:00 Debian Importer Fixing VCID-325d-7dfk-sqd2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:49:16.994509+00:00 Debian Importer Fixing VCID-ukxp-wqpr-t3by https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:50:41.586532+00:00 Debian Importer Fixing VCID-325d-7dfk-sqd2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:50:41.538553+00:00 Debian Importer Fixing VCID-ukxp-wqpr-t3by https://security-tracker.debian.org/tracker/data/json 38.1.0