Package details: pkg:deb/debian/python-django@3:4.2.14-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.14-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (4)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-jzae-1awh-k7cm | An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. | BIT-django-2024-38875, CVE-2024-38875, GHSA-qg2p-9jwr-mmqf, PYSEC-2024-56 |
| VCID-q12d-kv8p-8ff7 | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. | BIT-django-2024-39329, CVE-2024-39329, GHSA-x7q2-wr7g-xqmf, PYSEC-2024-57 |
| VCID-u3zk-tff2-aua9 | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. | BIT-django-2024-39614, CVE-2024-39614, GHSA-f6f8-9mx6-9mx2, PYSEC-2024-59 |
| VCID-z27q-zfpz-ckby | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.) | BIT-django-2024-39330, CVE-2024-39330, GHSA-9jmf-237g-qf46, PYSEC-2024-58 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T12:20:33.999444+00:00 | Debian Importer | Fixing | VCID-z27q-zfpz-ckby | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T10:53:00.583556+00:00 | Debian Importer | Fixing | VCID-q12d-kv8p-8ff7 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:10:33.542691+00:00 | Debian Importer | Fixing | VCID-u3zk-tff2-aua9 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-12T18:15:35.491991+00:00 | Debian Importer | Fixing | VCID-z27q-zfpz-ckby | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-12T18:15:35.401906+00:00 | Debian Importer | Fixing | VCID-q12d-kv8p-8ff7 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-12T18:15:35.302673+00:00 | Debian Importer | Fixing | VCID-jzae-1awh-k7cm | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T18:08:32.560606+00:00 | Debian Importer | Fixing | VCID-u3zk-tff2-aua9 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:50:44.712904+00:00 | Debian Importer | Fixing | VCID-u3zk-tff2-aua9 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:50:44.649191+00:00 | Debian Importer | Fixing | VCID-z27q-zfpz-ckby | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:50:44.585814+00:00 | Debian Importer | Fixing | VCID-q12d-kv8p-8ff7 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:50:44.515442+00:00 | Debian Importer | Fixing | VCID-jzae-1awh-k7cm | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |