Package details: pkg:pypi/django@1.7a1
purl pkg:pypi/django@1.7a1
Tags Ghost
Next non-vulnerable version 4.2.29
Latest non-vulnerable version 6.0.4
Risk 4.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-bgjt-c6sa-pfaj
Aliases:
CVE-2014-3730
GHSA-vq3h-3q7v-9prw
PYSEC-2014-20
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
1.7b4
Affected by 0 other vulnerabilities.
VCID-eker-m822-cuax
Aliases:
CVE-2014-0483
GHSA-rw75-m7gp-92m3
PYSEC-2014-7
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.
1.7rc3
Affected by 0 other vulnerabilities.
VCID-jc9f-vgy8-ruan
Aliases:
CVE-2014-0482
GHSA-625g-gx8c-xcmg
PYSEC-2014-6
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
1.7rc3
Affected by 0 other vulnerabilities.
VCID-q64b-r7td-2yab
Aliases:
CVE-2014-1418
GHSA-q7q2-qf2q-rw3w
PYSEC-2014-19
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.
1.7b4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:25.942408+00:00 GHSA Importer Affected by VCID-q64b-r7td-2yab https://github.com/advisories/GHSA-q7q2-qf2q-rw3w 38.1.0
2026-04-04T14:30:41.716284+00:00 GHSA Importer Affected by VCID-bgjt-c6sa-pfaj https://github.com/advisories/GHSA-vq3h-3q7v-9prw 38.1.0
2026-04-04T14:30:41.396065+00:00 GHSA Importer Affected by VCID-eker-m822-cuax https://github.com/advisories/GHSA-rw75-m7gp-92m3 38.1.0
2026-04-04T14:30:41.324478+00:00 GHSA Importer Affected by VCID-jc9f-vgy8-ruan https://github.com/advisories/GHSA-625g-gx8c-xcmg 38.1.0
2026-04-01T12:50:42.567234+00:00 GitLab Importer Affected by VCID-q64b-r7td-2yab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-1418.yml 38.0.0
2026-04-01T12:50:38.614469+00:00 GitLab Importer Affected by VCID-bgjt-c6sa-pfaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-3730.yml 38.0.0
2026-04-01T12:50:36.525855+00:00 GitLab Importer Affected by VCID-eker-m822-cuax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-0483.yml 38.0.0
2026-04-01T12:50:35.443831+00:00 GitLab Importer Affected by VCID-jc9f-vgy8-ruan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-0482.yml 38.0.0