VulnerableCode Package Details - pkg:deb/debian/python-django@3:4.2.17-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3sac-ah8j-pucd	Django SQL injection in HasKey(lhs, rhs) on Oracle An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)	BIT-django-2024-53908 CVE-2024-53908 GHSA-m9g8-fxxm-xg86 PYSEC-2024-157
VCID-wwa5-mhgu-9khz	Django denial-of-service in django.utils.html.strip_tags() An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.	CVE-2024-53907 GHSA-8498-2h75-472j

Vulnerability

Summary

Aliases

VCID-3sac-ah8j-pucd

Django SQL injection in HasKey(lhs, rhs) on Oracle An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)

BIT-django-2024-53908
CVE-2024-53908
GHSA-m9g8-fxxm-xg86
PYSEC-2024-157

VCID-wwa5-mhgu-9khz

Django denial-of-service in django.utils.html.strip_tags() An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

CVE-2024-53907
GHSA-8498-2h75-472j

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:38:05.096419+00:00	Debian Importer	Fixing	VCID-wwa5-mhgu-9khz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:54:59.079005+00:00	Debian Importer	Fixing	VCID-3sac-ah8j-pucd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:15:36.027108+00:00	Debian Importer	Fixing	VCID-wwa5-mhgu-9khz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:59:00.900589+00:00	Debian Importer	Fixing	VCID-3sac-ah8j-pucd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:45.172961+00:00	Debian Importer	Fixing	VCID-3sac-ah8j-pucd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:45.124546+00:00	Debian Importer	Fixing	VCID-wwa5-mhgu-9khz	https://security-tracker.debian.org/tracker/data/json	38.1.0