Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/django@0.95
purl pkg:pypi/django@0.95
Tags Ghost
Next non-vulnerable version 4.2.29
Latest non-vulnerable version 6.0.4
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-72fp-zabh-6qbv
Aliases:
CVE-2007-0405
GHSA-mwv2-398h-v489
Django Improper Access Control The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
1.0
Affected by 2 other vulnerabilities.
VCID-8b12-22bg-jkch
Aliases:
CVE-2007-5712
GHSA-9v8h-57gv-qch6
PYSEC-2007-1
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
0.95.2
Affected by 0 other vulnerabilities.
0.96.1
Affected by 0 other vulnerabilities.
1.1
Affected by 45 other vulnerabilities.
VCID-v466-zd6u-dqce
Aliases:
CVE-2008-2302
GHSA-54qj-48vx-cr9f
PYSEC-2008-1
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
0.95.3
Affected by 0 other vulnerabilities.
0.96.2
Affected by 0 other vulnerabilities.
1.1
Affected by 45 other vulnerabilities.
VCID-yx42-v5s7-h7ac
Aliases:
CVE-2007-0404
GHSA-qc99-g3wm-hgxr
Django Arbitrary Code Execution `bin/compile-messages.py` in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.
1.0
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:00:34.515952+00:00 GHSA Importer Affected by VCID-v466-zd6u-dqce https://github.com/advisories/GHSA-54qj-48vx-cr9f 38.0.0
2026-04-01T16:00:32.218965+00:00 GHSA Importer Affected by VCID-8b12-22bg-jkch https://github.com/advisories/GHSA-9v8h-57gv-qch6 38.0.0
2026-04-01T16:00:28.976851+00:00 GHSA Importer Affected by VCID-yx42-v5s7-h7ac https://github.com/advisories/GHSA-qc99-g3wm-hgxr 38.0.0
2026-04-01T16:00:28.949722+00:00 GHSA Importer Affected by VCID-72fp-zabh-6qbv https://github.com/advisories/GHSA-mwv2-398h-v489 38.0.0
2026-04-01T13:12:04.335311+00:00 GithubOSV Importer Affected by VCID-72fp-zabh-6qbv https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mwv2-398h-v489/GHSA-mwv2-398h-v489.json 38.0.0
2026-04-01T13:09:11.062050+00:00 GithubOSV Importer Affected by VCID-yx42-v5s7-h7ac https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qc99-g3wm-hgxr/GHSA-qc99-g3wm-hgxr.json 38.0.0
2026-04-01T12:49:58.999936+00:00 GitLab Importer Affected by VCID-8b12-22bg-jkch https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2007-5712.yml 38.0.0
2026-04-01T12:49:58.641062+00:00 GitLab Importer Affected by VCID-v466-zd6u-dqce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2008-2302.yml 38.0.0
2026-04-01T12:49:58.453196+00:00 GitLab Importer Affected by VCID-72fp-zabh-6qbv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2007-0405.yml 38.0.0
2026-04-01T12:49:55.831839+00:00 GitLab Importer Affected by VCID-yx42-v5s7-h7ac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2007-0404.yml 38.0.0