VulnerableCode Package Details - pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1adz-zw3h-pqek		CVE-2026-3902 GHSA-mvfq-ggxm-9mc5
VCID-46pv-pzsu-jucd		CVE-2026-4292 GHSA-mmwr-2jhp-mc7j
VCID-ac4c-321h-tqfk	Django has a Race Condition vulnerability An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.	CVE-2026-25674 GHSA-mjgh-79qc-68w3
VCID-ff2a-at5f-2qa8		CVE-2026-33033 GHSA-5mf9-h53q-7mhq
VCID-gfym-spzk-w7gk		CVE-2026-4277 GHSA-pwjp-ccjc-ghwg
VCID-jzae-1awh-k7cm	An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.	BIT-django-2024-38875 CVE-2024-38875 GHSA-qg2p-9jwr-mmqf PYSEC-2024-56
VCID-mga4-an1w-qqf9	Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.	BIT-django-2024-45230 CVE-2024-45230 GHSA-5hgc-2vfp-mqvc PYSEC-2024-102
VCID-ssut-reka-r3f8		CVE-2026-33034 GHSA-933h-hp56-hf7m
VCID-xhpa-mffz-syfy	An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.	BIT-django-2024-41990 CVE-2024-41990 GHSA-795c-9xpc-xw6g PYSEC-2024-68

Vulnerability

Summary

Aliases

VCID-1adz-zw3h-pqek

CVE-2026-3902
GHSA-mvfq-ggxm-9mc5

VCID-46pv-pzsu-jucd

CVE-2026-4292
GHSA-mmwr-2jhp-mc7j

VCID-ac4c-321h-tqfk

Django has a Race Condition vulnerability An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

CVE-2026-25674
GHSA-mjgh-79qc-68w3

VCID-ff2a-at5f-2qa8

CVE-2026-33033
GHSA-5mf9-h53q-7mhq

VCID-gfym-spzk-w7gk

CVE-2026-4277
GHSA-pwjp-ccjc-ghwg

VCID-jzae-1awh-k7cm

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

BIT-django-2024-38875
CVE-2024-38875
GHSA-qg2p-9jwr-mmqf
PYSEC-2024-56

VCID-mga4-an1w-qqf9

Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

BIT-django-2024-45230
CVE-2024-45230
GHSA-5hgc-2vfp-mqvc
PYSEC-2024-102

VCID-ssut-reka-r3f8

CVE-2026-33034
GHSA-933h-hp56-hf7m

VCID-xhpa-mffz-syfy

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

BIT-django-2024-41990
CVE-2024-41990
GHSA-795c-9xpc-xw6g
PYSEC-2024-68

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:39:26.072365+00:00	Debian Importer	Fixing	VCID-ac4c-321h-tqfk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:19:52.435794+00:00	Debian Importer	Fixing	VCID-gfym-spzk-w7gk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:56:30.569704+00:00	Debian Importer	Fixing	VCID-jzae-1awh-k7cm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:57:11.096036+00:00	Debian Importer	Fixing	VCID-46pv-pzsu-jucd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:54:13.505647+00:00	Debian Importer	Fixing	VCID-xhpa-mffz-syfy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:52:21.021736+00:00	Debian Importer	Fixing	VCID-1adz-zw3h-pqek	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:33:24.724345+00:00	Debian Importer	Fixing	VCID-mga4-an1w-qqf9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:22:23.294431+00:00	Debian Importer	Fixing	VCID-ff2a-at5f-2qa8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:48:52.358732+00:00	Debian Importer	Fixing	VCID-ssut-reka-r3f8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:40:27.454284+00:00	Debian Importer	Fixing	VCID-ac4c-321h-tqfk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:42:42.246722+00:00	Debian Importer	Fixing	VCID-gfym-spzk-w7gk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:25:10.033797+00:00	Debian Importer	Fixing	VCID-jzae-1awh-k7cm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:39:56.643341+00:00	Debian Importer	Fixing	VCID-46pv-pzsu-jucd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:37:37.860450+00:00	Debian Importer	Fixing	VCID-xhpa-mffz-syfy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:36:08.500084+00:00	Debian Importer	Fixing	VCID-1adz-zw3h-pqek	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:22:11.744034+00:00	Debian Importer	Fixing	VCID-mga4-an1w-qqf9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:15:34.358309+00:00	Debian Importer	Fixing	VCID-ff2a-at5f-2qa8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:55:19.973663+00:00	Debian Importer	Fixing	VCID-ssut-reka-r3f8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-10T09:17:40.517906+00:00	Debian Importer	Fixing	VCID-1adz-zw3h-pqek	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-10T08:14:41.294086+00:00	Debian Importer	Fixing	VCID-gfym-spzk-w7gk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-10T08:06:51.314600+00:00	Debian Importer	Fixing	VCID-46pv-pzsu-jucd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-10T07:11:51.293686+00:00	Debian Importer	Fixing	VCID-ff2a-at5f-2qa8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-10T06:53:22.700147+00:00	Debian Importer	Fixing	VCID-ssut-reka-r3f8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:46:36.473662+00:00	Debian Importer	Fixing	VCID-ac4c-321h-tqfk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:55:51.850761+00:00	Debian Importer	Fixing	VCID-jzae-1awh-k7cm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:24:18.597157+00:00	Debian Importer	Fixing	VCID-xhpa-mffz-syfy	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:13:27.852969+00:00	Debian Importer	Fixing	VCID-mga4-an1w-qqf9	https://security-tracker.debian.org/tracker/data/json	38.1.0