Search for packages
| purl | pkg:rpm/redhat/python-django@3.2.14-2?arch=el8pc |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-t6uc-dfrd-jyfg
Aliases: BIT-django-2022-34265 CVE-2022-34265 GHSA-p64x-8rxx-wf6q PYSEC-2022-213 |
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | There are no reported fixed by versions. |
|
VCID-ume2-wt6y-jye7
Aliases: BIT-django-2022-22818 CVE-2022-22818 GHSA-95rw-fx8r-36v6 PYSEC-2022-19 |
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:59:45.797569+00:00 | RedHat Importer | Affected by | VCID-ume2-wt6y-jye7 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22818.json | 38.0.0 |
| 2026-04-01T13:58:02.791931+00:00 | RedHat Importer | Affected by | VCID-t6uc-dfrd-jyfg | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34265.json | 38.0.0 |