Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/djangorestframework@3.11.2
purl pkg:pypi/djangorestframework@3.11.2
Next non-vulnerable version 3.15.2
Latest non-vulnerable version 3.15.2
Risk 2.8
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-exen-v4sg-mudc
Aliases:
CVE-2024-21520
GHSA-gw84-84pc-xp82
Cross-site Scripting in djangorestframework Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.
3.15.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-az5u-1a5w-9ffa A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. CVE-2020-25626
GHSA-fx83-3ph3-9j2q
PYSEC-2020-263

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:03:08.555755+00:00 GitLab Importer Affected by VCID-exen-v4sg-mudc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/djangorestframework/CVE-2024-21520.yml 38.4.0
2026-04-16T21:19:11.411591+00:00 GitLab Importer Fixing VCID-az5u-1a5w-9ffa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/djangorestframework/CVE-2020-25626.yml 38.4.0
2026-04-16T01:41:37.137746+00:00 GHSA Importer Fixing VCID-az5u-1a5w-9ffa https://github.com/advisories/GHSA-fx83-3ph3-9j2q 38.4.0
2026-04-12T00:20:59.229124+00:00 GitLab Importer Affected by VCID-exen-v4sg-mudc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/djangorestframework/CVE-2024-21520.yml 38.3.0
2026-04-11T22:31:28.576566+00:00 GitLab Importer Fixing VCID-az5u-1a5w-9ffa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/djangorestframework/CVE-2020-25626.yml 38.3.0
2026-04-11T13:10:43.303763+00:00 GHSA Importer Fixing VCID-az5u-1a5w-9ffa https://github.com/advisories/GHSA-fx83-3ph3-9j2q 38.3.0
2026-04-03T00:28:31.855395+00:00 GitLab Importer Affected by VCID-exen-v4sg-mudc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/djangorestframework/CVE-2024-21520.yml 38.1.0
2026-04-02T22:42:50.517861+00:00 GitLab Importer Fixing VCID-az5u-1a5w-9ffa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/djangorestframework/CVE-2020-25626.yml 38.1.0
2026-04-02T14:02:23.705318+00:00 GHSA Importer Fixing VCID-az5u-1a5w-9ffa https://github.com/advisories/GHSA-fx83-3ph3-9j2q 38.1.0
2026-04-01T17:00:31.824846+00:00 GitLab Importer Fixing VCID-az5u-1a5w-9ffa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/djangorestframework/CVE-2020-25626.yml 38.0.0
2026-04-01T15:02:41.044231+00:00 PyPI Importer Fixing VCID-az5u-1a5w-9ffa https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:01:52.716652+00:00 GithubOSV Importer Fixing VCID-az5u-1a5w-9ffa https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-fx83-3ph3-9j2q/GHSA-fx83-3ph3-9j2q.json 38.0.0
2026-04-01T12:42:54.609043+00:00 Pypa Importer Fixing VCID-az5u-1a5w-9ffa https://github.com/pypa/advisory-database/blob/main/vulns/djangorestframework/PYSEC-2020-263.yaml 38.0.0