| purl | pkg:deb/debian/python-django@3:4.2.16-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-e2jd-yd4j-kqgt | Django allows enumeration of user e-mail addresses. An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). | CVE-2024-45231, GHSA-rrqc-c2jx-6jgv |
| VCID-mga4-an1w-qqf9 | Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters. An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | BIT-django-2024-45230, CVE-2024-45230, GHSA-5hgc-2vfp-mqvc, PYSEC-2024-102 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T09:45:42.768473+00:00 | Debian Importer | Fixing | VCID-e2jd-yd4j-kqgt | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-12T18:15:35.964360+00:00 | Debian Importer | Fixing | VCID-e2jd-yd4j-kqgt | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-12T18:15:35.896561+00:00 | Debian Importer | Fixing | VCID-mga4-an1w-qqf9 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:50:45.066371+00:00 | Debian Importer | Fixing | VCID-e2jd-yd4j-kqgt | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:50:45.004691+00:00 | Debian Importer | Fixing | VCID-mga4-an1w-qqf9 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |