Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/django@3.1.13
purl pkg:pypi/django@3.1.13
Next non-vulnerable version 4.2.29
Latest non-vulnerable version 6.0.4
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-6gss-ppm5-3yc9
Aliases:
BIT-django-2022-36359
CVE-2022-36359
GHSA-8x94-hmjh-97hq
PYSEC-2022-245
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.
3.2.15
Affected by 15 other vulnerabilities.
4.0.7
Affected by 10 other vulnerabilities.
VCID-84mm-45p6-xkau
Aliases:
CVE-2025-64458
GHSA-qw25-v68c-qjf3
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
4.2.26
Affected by 10 other vulnerabilities.
5.1.14
Affected by 2 other vulnerabilities.
5.2.8
Affected by 10 other vulnerabilities.
6.0a1
Affected by 6 other vulnerabilities.
VCID-896g-hqec-ryb9
Aliases:
BIT-django-2025-48432
CVE-2025-48432
GHSA-7xr5-9hcq-chf9
PYSEC-2025-47
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
4.2.22
Affected by 15 other vulnerabilities.
5.1.10
Affected by 7 other vulnerabilities.
5.2.2
Affected by 15 other vulnerabilities.
VCID-9uzd-mmyv-mfh4
Aliases:
CVE-2025-64459
GHSA-frmv-pr5f-9mcr
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.
4.2.26
Affected by 10 other vulnerabilities.
5.1.14
Affected by 2 other vulnerabilities.
5.2.8
Affected by 10 other vulnerabilities.
6.0a1
Affected by 6 other vulnerabilities.
VCID-e2jd-yd4j-kqgt
Aliases:
CVE-2024-45231
GHSA-rrqc-c2jx-6jgv
Django allows enumeration of user e-mail addresses An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
4.2.16
Affected by 22 other vulnerabilities.
5.0.9
Affected by 10 other vulnerabilities.
5.1.1
Affected by 15 other vulnerabilities.
VCID-mzdk-m12w-q3fc
Aliases:
BIT-django-2021-44420
CVE-2021-44420
GHSA-v6rh-hp5x-86rv
PYSEC-2021-439
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
3.1.14
Affected by 6 other vulnerabilities.
3.2.10
Affected by 24 other vulnerabilities.
VCID-w4pr-k5nj-ckgy
Aliases:
CVE-2025-57833
GHSA-6w2r-r2m5-xq5w
Django is subject to SQL injection through its column aliases An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
4.2.24
Affected by 14 other vulnerabilities.
5.1.12
Affected by 6 other vulnerabilities.
5.2.6
Affected by 14 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-gan1-9gwu-63d2 Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. BIT-django-2021-35042
CVE-2021-35042
GHSA-xpfp-f569-q3p2
PYSEC-2021-109

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:51:36.684231+00:00 GitLab Importer Affected by VCID-84mm-45p6-xkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64458.yml 38.4.0
2026-04-16T23:51:33.858067+00:00 GitLab Importer Affected by VCID-9uzd-mmyv-mfh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64459.yml 38.4.0
2026-04-16T23:40:26.504402+00:00 GitLab Importer Affected by VCID-w4pr-k5nj-ckgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-57833.yml 38.4.0
2026-04-16T23:30:24.659741+00:00 GitLab Importer Affected by VCID-896g-hqec-ryb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-48432.yml 38.4.0
2026-04-16T23:10:35.216290+00:00 GitLab Importer Affected by VCID-e2jd-yd4j-kqgt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml 38.4.0
2026-04-16T22:06:57.619449+00:00 GitLab Importer Affected by VCID-6gss-ppm5-3yc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2022-36359.yml 38.4.0
2026-04-16T21:36:02.156027+00:00 GitLab Importer Affected by VCID-mzdk-m12w-q3fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2021-44420.yml 38.4.0
2026-04-16T21:31:29.399784+00:00 GitLab Importer Fixing VCID-gan1-9gwu-63d2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2021-35042.yml 38.4.0
2026-04-16T02:33:25.902515+00:00 GHSA Importer Affected by VCID-6gss-ppm5-3yc9 https://github.com/advisories/GHSA-8x94-hmjh-97hq 38.4.0
2026-04-16T01:58:13.209173+00:00 GHSA Importer Affected by VCID-mzdk-m12w-q3fc https://github.com/advisories/GHSA-v6rh-hp5x-86rv 38.4.0
2026-04-16T01:55:30.330036+00:00 GHSA Importer Fixing VCID-gan1-9gwu-63d2 https://github.com/advisories/GHSA-xpfp-f569-q3p2 38.4.0
2026-04-12T01:13:10.606145+00:00 GitLab Importer Affected by VCID-84mm-45p6-xkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64458.yml 38.3.0
2026-04-12T01:13:07.209719+00:00 GitLab Importer Affected by VCID-9uzd-mmyv-mfh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64459.yml 38.3.0
2026-04-12T01:01:13.181555+00:00 GitLab Importer Affected by VCID-w4pr-k5nj-ckgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-57833.yml 38.3.0
2026-04-12T00:50:06.404885+00:00 GitLab Importer Affected by VCID-896g-hqec-ryb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-48432.yml 38.3.0
2026-04-12T00:28:53.681215+00:00 GitLab Importer Affected by VCID-e2jd-yd4j-kqgt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml 38.3.0
2026-04-11T23:23:14.687061+00:00 GitLab Importer Affected by VCID-6gss-ppm5-3yc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2022-36359.yml 38.3.0
2026-04-11T22:49:42.435946+00:00 GitLab Importer Affected by VCID-mzdk-m12w-q3fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2021-44420.yml 38.3.0
2026-04-11T22:44:41.345678+00:00 GitLab Importer Fixing VCID-gan1-9gwu-63d2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2021-35042.yml 38.3.0
2026-04-11T13:58:53.655745+00:00 GHSA Importer Affected by VCID-6gss-ppm5-3yc9 https://github.com/advisories/GHSA-8x94-hmjh-97hq 38.3.0
2026-04-11T13:25:19.489678+00:00 GHSA Importer Affected by VCID-mzdk-m12w-q3fc https://github.com/advisories/GHSA-v6rh-hp5x-86rv 38.3.0
2026-04-11T13:22:31.959662+00:00 GHSA Importer Fixing VCID-gan1-9gwu-63d2 https://github.com/advisories/GHSA-xpfp-f569-q3p2 38.3.0
2026-04-03T01:22:07.321211+00:00 GitLab Importer Affected by VCID-84mm-45p6-xkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64458.yml 38.1.0
2026-04-03T01:22:04.161434+00:00 GitLab Importer Affected by VCID-9uzd-mmyv-mfh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64459.yml 38.1.0
2026-04-03T01:09:27.923534+00:00 GitLab Importer Affected by VCID-w4pr-k5nj-ckgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-57833.yml 38.1.0
2026-04-03T00:58:09.878479+00:00 GitLab Importer Affected by VCID-896g-hqec-ryb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-48432.yml 38.1.0
2026-04-03T00:36:39.566916+00:00 GitLab Importer Affected by VCID-e2jd-yd4j-kqgt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-45231.yml 38.1.0
2026-04-02T23:29:51.174818+00:00 GitLab Importer Affected by VCID-6gss-ppm5-3yc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2022-36359.yml 38.1.0
2026-04-02T22:59:08.804456+00:00 GitLab Importer Affected by VCID-mzdk-m12w-q3fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2021-44420.yml 38.1.0
2026-04-02T22:54:40.777218+00:00 GitLab Importer Fixing VCID-gan1-9gwu-63d2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2021-35042.yml 38.1.0
2026-04-02T14:45:06.163188+00:00 GHSA Importer Affected by VCID-6gss-ppm5-3yc9 https://github.com/advisories/GHSA-8x94-hmjh-97hq 38.1.0
2026-04-02T14:15:35.730157+00:00 GHSA Importer Affected by VCID-mzdk-m12w-q3fc https://github.com/advisories/GHSA-v6rh-hp5x-86rv 38.1.0
2026-04-02T14:13:06.711810+00:00 GHSA Importer Fixing VCID-gan1-9gwu-63d2 https://github.com/advisories/GHSA-xpfp-f569-q3p2 38.1.0
2026-04-01T17:51:16.040655+00:00 GitLab Importer Affected by VCID-6gss-ppm5-3yc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2022-36359.yml 38.0.0
2026-04-01T17:17:49.515502+00:00 GitLab Importer Affected by VCID-mzdk-m12w-q3fc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2021-44420.yml 38.0.0
2026-04-01T15:11:46.756399+00:00 PyPI Importer Affected by VCID-mzdk-m12w-q3fc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:09:49.181730+00:00 PyPI Importer Fixing VCID-gan1-9gwu-63d2 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:01:00.196510+00:00 GithubOSV Importer Fixing VCID-gan1-9gwu-63d2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-xpfp-f569-q3p2/GHSA-xpfp-f569-q3p2.json 38.0.0
2026-04-01T12:48:52.478509+00:00 GitLab Importer Fixing VCID-gan1-9gwu-63d2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2021-35042.yml 38.0.0
2026-04-01T12:47:02.733132+00:00 Pypa Importer Affected by VCID-mzdk-m12w-q3fc https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2021-439.yaml 38.0.0
2026-04-01T12:46:07.088859+00:00 Pypa Importer Fixing VCID-gan1-9gwu-63d2 https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2021-109.yaml 38.0.0