Search for packages
| purl | pkg:pypi/django@4.2.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3sac-ah8j-pucd
Aliases: BIT-django-2024-53908 CVE-2024-53908 GHSA-m9g8-fxxm-xg86 PYSEC-2024-157 |
Django SQL injection in HasKey(lhs, rhs) on Oracle An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.) |
Affected by 19 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-wwa5-mhgu-9khz
Aliases: CVE-2024-53907 GHSA-8498-2h75-472j |
Django denial-of-service in django.utils.html.strip_tags() An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. |
Affected by 19 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 12 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-07T04:56:35.206471+00:00 | GHSA Importer | Affected by | VCID-3sac-ah8j-pucd | https://github.com/advisories/GHSA-m9g8-fxxm-xg86 | 38.1.0 |
| 2026-04-07T04:56:34.998115+00:00 | GHSA Importer | Affected by | VCID-wwa5-mhgu-9khz | https://github.com/advisories/GHSA-8498-2h75-472j | 38.1.0 |
| 2026-04-02T12:40:31.144910+00:00 | GitLab Importer | Affected by | VCID-3sac-ah8j-pucd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-53908.yml | 38.0.0 |
| 2026-04-02T12:40:31.041070+00:00 | GitLab Importer | Affected by | VCID-wwa5-mhgu-9khz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2024-53907.yml | 38.0.0 |