Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/django@5.1rc1
purl pkg:pypi/django@5.1rc1
Next non-vulnerable version 5.1.15
Latest non-vulnerable version 6.0.4
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-84mm-45p6-xkau
Aliases:
CVE-2025-64458
GHSA-qw25-v68c-qjf3
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
5.1.14
Affected by 2 other vulnerabilities.
5.2.8
Affected by 10 other vulnerabilities.
6.0a1
Affected by 6 other vulnerabilities.
VCID-896g-hqec-ryb9
Aliases:
BIT-django-2025-48432
CVE-2025-48432
GHSA-7xr5-9hcq-chf9
PYSEC-2025-47
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
5.1.10
Affected by 7 other vulnerabilities.
5.2.2
Affected by 15 other vulnerabilities.
VCID-9uzd-mmyv-mfh4
Aliases:
CVE-2025-64459
GHSA-frmv-pr5f-9mcr
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.
5.1.14
Affected by 2 other vulnerabilities.
5.2.8
Affected by 10 other vulnerabilities.
6.0a1
Affected by 6 other vulnerabilities.
VCID-ukkt-wgau-t3et
Aliases:
CVE-2025-64460
GHSA-vrcr-9hj9-jcg6
Django is vulnerable to DoS via XML serializer text extraction An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
5.1.15
Affected by 0 other vulnerabilities.
5.2.9
Affected by 8 other vulnerabilities.
6.0a1
Affected by 6 other vulnerabilities.
VCID-vwt9-q3dt-vbfg
Aliases:
CVE-2025-13372
GHSA-rqw2-ghq9-44m7
Django is vulnerable to SQL injection in column aliases An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.
5.1.15
Affected by 0 other vulnerabilities.
5.2.9
Affected by 8 other vulnerabilities.
6.0a1
Affected by 6 other vulnerabilities.
VCID-w4pr-k5nj-ckgy
Aliases:
CVE-2025-57833
GHSA-6w2r-r2m5-xq5w
Django is subject to SQL injection through its column aliases An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
5.1.12
Affected by 6 other vulnerabilities.
5.2.6
Affected by 14 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-17T00:01:03.899842+00:00 GitLab Importer Affected by VCID-ukkt-wgau-t3et https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64460.yml 38.4.0
2026-04-17T00:00:48.658511+00:00 GitLab Importer Affected by VCID-vwt9-q3dt-vbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-13372.yml 38.4.0
2026-04-16T23:51:37.064275+00:00 GitLab Importer Affected by VCID-84mm-45p6-xkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64458.yml 38.4.0
2026-04-16T23:51:34.233215+00:00 GitLab Importer Affected by VCID-9uzd-mmyv-mfh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64459.yml 38.4.0
2026-04-16T23:40:26.900967+00:00 GitLab Importer Affected by VCID-w4pr-k5nj-ckgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-57833.yml 38.4.0
2026-04-16T23:30:25.047835+00:00 GitLab Importer Affected by VCID-896g-hqec-ryb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-48432.yml 38.4.0
2026-04-12T01:23:57.680441+00:00 GitLab Importer Affected by VCID-ukkt-wgau-t3et https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64460.yml 38.3.0
2026-04-12T01:23:40.180837+00:00 GitLab Importer Affected by VCID-vwt9-q3dt-vbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-13372.yml 38.3.0
2026-04-12T01:13:11.027337+00:00 GitLab Importer Affected by VCID-84mm-45p6-xkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64458.yml 38.3.0
2026-04-12T01:13:07.625713+00:00 GitLab Importer Affected by VCID-9uzd-mmyv-mfh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64459.yml 38.3.0
2026-04-12T01:01:13.648658+00:00 GitLab Importer Affected by VCID-w4pr-k5nj-ckgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-57833.yml 38.3.0
2026-04-12T00:50:06.838309+00:00 GitLab Importer Affected by VCID-896g-hqec-ryb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-48432.yml 38.3.0
2026-04-03T01:32:37.494289+00:00 GitLab Importer Affected by VCID-ukkt-wgau-t3et https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64460.yml 38.1.0
2026-04-03T01:32:20.071210+00:00 GitLab Importer Affected by VCID-vwt9-q3dt-vbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-13372.yml 38.1.0
2026-04-03T01:22:07.753907+00:00 GitLab Importer Affected by VCID-84mm-45p6-xkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64458.yml 38.1.0
2026-04-03T01:22:04.576505+00:00 GitLab Importer Affected by VCID-9uzd-mmyv-mfh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-64459.yml 38.1.0
2026-04-03T01:09:28.354441+00:00 GitLab Importer Affected by VCID-w4pr-k5nj-ckgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-57833.yml 38.1.0
2026-04-03T00:58:10.293320+00:00 GitLab Importer Affected by VCID-896g-hqec-ryb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-48432.yml 38.1.0