Search for packages
| purl | pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1 |
| Next non-vulnerable version | 3:4.2.28-0+deb13u2 |
| Latest non-vulnerable version | 3:5.2.14-2 |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-55xg-pw9n-zkdy
Aliases: CVE-2026-35193 |
django: Django: Information disclosure due to improper caching of authenticated responses |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tuqc-c251-h7ds
Aliases: CVE-2026-33033 GHSA-5mf9-h53q-7mhq PYSEC-2026-48 |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T19:57:10.515975+00:00 | Debian Importer | Affected by | VCID-tuqc-c251-h7ds | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-06-04T19:43:27.500627+00:00 | Debian Importer | Affected by | VCID-55xg-pw9n-zkdy | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |