Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/django@5.0.11
purl pkg:pypi/django@5.0.11
Next non-vulnerable version 5.1.15
Latest non-vulnerable version 6.0.4
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-84mm-45p6-xkau
Aliases:
CVE-2025-64458
GHSA-qw25-v68c-qjf3
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
5.1.14
Affected by 2 other vulnerabilities.
5.2.8
Affected by 10 other vulnerabilities.
6.0a1
Affected by 6 other vulnerabilities.
VCID-896g-hqec-ryb9
Aliases:
BIT-django-2025-48432
CVE-2025-48432
GHSA-7xr5-9hcq-chf9
PYSEC-2025-47
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
5.1.10
Affected by 7 other vulnerabilities.
5.2.2
Affected by 15 other vulnerabilities.
VCID-9uzd-mmyv-mfh4
Aliases:
CVE-2025-64459
GHSA-frmv-pr5f-9mcr
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.
5.1.14
Affected by 2 other vulnerabilities.
5.2.8
Affected by 10 other vulnerabilities.
6.0a1
Affected by 6 other vulnerabilities.
VCID-p9fd-1qx2-8ubc
Aliases:
BIT-django-2025-27556
CVE-2025-27556
GHSA-wqfg-m96j-85vm
PYSEC-2025-14
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
5.0.14
Affected by 4 other vulnerabilities.
5.1a1
Affected by 6 other vulnerabilities.
5.1.8
Affected by 9 other vulnerabilities.
5.2a1
Affected by 11 other vulnerabilities.
VCID-w4pr-k5nj-ckgy
Aliases:
CVE-2025-57833
GHSA-6w2r-r2m5-xq5w
Django is subject to SQL injection through its column aliases An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
5.1.12
Affected by 6 other vulnerabilities.
5.2.6
Affected by 14 other vulnerabilities.
VCID-xgv1-s2ek-q3dp
Aliases:
BIT-django-2025-26699
CVE-2025-26699
GHSA-p3fp-8748-vqfq
PYSEC-2025-13
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
5.0.13
Affected by 5 other vulnerabilities.
5.1a1
Affected by 6 other vulnerabilities.
5.1.7
Affected by 10 other vulnerabilities.
5.2a1
Affected by 11 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-e87q-1j8h-93hh An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) BIT-django-2024-56374
CVE-2024-56374
GHSA-qcgg-j2x8-h9g8
PYSEC-2025-1

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:51:37.044874+00:00 GitLab Importer Affected by VCID-84mm-45p6-xkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64458.yml 38.4.0
2026-04-16T23:51:34.213986+00:00 GitLab Importer Affected by VCID-9uzd-mmyv-mfh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64459.yml 38.4.0
2026-04-16T23:40:26.881204+00:00 GitLab Importer Affected by VCID-w4pr-k5nj-ckgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-57833.yml 38.4.0
2026-04-16T23:30:25.027795+00:00 GitLab Importer Affected by VCID-896g-hqec-ryb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-48432.yml 38.4.0
2026-04-16T23:25:43.519296+00:00 GitLab Importer Affected by VCID-p9fd-1qx2-8ubc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-27556.yml 38.4.0
2026-04-16T23:22:24.195751+00:00 GitLab Importer Affected by VCID-xgv1-s2ek-q3dp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-26699.yml 38.4.0
2026-04-12T01:13:11.005117+00:00 GitLab Importer Affected by VCID-84mm-45p6-xkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64458.yml 38.3.0
2026-04-12T01:13:07.604369+00:00 GitLab Importer Affected by VCID-9uzd-mmyv-mfh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64459.yml 38.3.0
2026-04-12T01:01:13.626829+00:00 GitLab Importer Affected by VCID-w4pr-k5nj-ckgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-57833.yml 38.3.0
2026-04-12T00:50:06.816728+00:00 GitLab Importer Affected by VCID-896g-hqec-ryb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-48432.yml 38.3.0
2026-04-12T00:45:07.503563+00:00 GitLab Importer Affected by VCID-p9fd-1qx2-8ubc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-27556.yml 38.3.0
2026-04-12T00:41:31.810719+00:00 GitLab Importer Affected by VCID-xgv1-s2ek-q3dp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-26699.yml 38.3.0
2026-04-07T04:56:49.586652+00:00 GHSA Importer Fixing VCID-e87q-1j8h-93hh https://github.com/advisories/GHSA-qcgg-j2x8-h9g8 38.1.0
2026-04-03T01:22:07.731500+00:00 GitLab Importer Affected by VCID-84mm-45p6-xkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64458.yml 38.1.0
2026-04-03T01:22:04.554685+00:00 GitLab Importer Affected by VCID-9uzd-mmyv-mfh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64459.yml 38.1.0
2026-04-03T01:09:28.332105+00:00 GitLab Importer Affected by VCID-w4pr-k5nj-ckgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-57833.yml 38.1.0
2026-04-03T00:58:10.269941+00:00 GitLab Importer Affected by VCID-896g-hqec-ryb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-48432.yml 38.1.0
2026-04-03T00:53:03.440609+00:00 GitLab Importer Affected by VCID-p9fd-1qx2-8ubc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-27556.yml 38.1.0
2026-04-03T00:49:28.499827+00:00 GitLab Importer Affected by VCID-xgv1-s2ek-q3dp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-26699.yml 38.1.0
2026-04-01T15:17:36.748731+00:00 PyPI Importer Affected by VCID-p9fd-1qx2-8ubc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:17:33.195652+00:00 PyPI Importer Affected by VCID-xgv1-s2ek-q3dp https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:17:28.751397+00:00 PyPI Importer Fixing VCID-e87q-1j8h-93hh https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T12:55:24.385661+00:00 GithubOSV Importer Fixing VCID-e87q-1j8h-93hh https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-qcgg-j2x8-h9g8/GHSA-qcgg-j2x8-h9g8.json 38.0.0
2026-04-01T12:50:16.160366+00:00 Pypa Importer Affected by VCID-p9fd-1qx2-8ubc https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2025-14.yaml 38.0.0
2026-04-01T12:50:14.146972+00:00 Pypa Importer Affected by VCID-xgv1-s2ek-q3dp https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2025-13.yaml 38.0.0
2026-04-01T12:50:11.527878+00:00 Pypa Importer Fixing VCID-e87q-1j8h-93hh https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2025-1.yaml 38.0.0