Search for packages
| purl | pkg:rpm/redhat/python-django@4.2.15-1?arch=el8ui |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7tph-k8q2-bue2
Aliases: BIT-django-2024-41991 CVE-2024-41991 GHSA-r836-hh6v-rg5g PYSEC-2024-69 |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | There are no reported fixed by versions. |
|
VCID-m91a-6235-nye9
Aliases: BIT-django-2024-42005 CVE-2024-42005 GHSA-pv4p-cwwg-4rph PYSEC-2024-70 |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | There are no reported fixed by versions. |
|
VCID-u3zk-tff2-aua9
Aliases: BIT-django-2024-39614 CVE-2024-39614 GHSA-f6f8-9mx6-9mx2 PYSEC-2024-59 |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. | There are no reported fixed by versions. |
|
VCID-v1xr-z4zu-yfb4
Aliases: BIT-django-2024-41989 CVE-2024-41989 GHSA-jh75-99hh-qvx9 PYSEC-2024-67 |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. | There are no reported fixed by versions. |
|
VCID-xhpa-mffz-syfy
Aliases: BIT-django-2024-41990 CVE-2024-41990 GHSA-795c-9xpc-xw6g PYSEC-2024-68 |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:46:25.649103+00:00 | RedHat Importer | Affected by | VCID-u3zk-tff2-aua9 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json | 38.0.0 |
| 2026-04-01T13:45:48.370488+00:00 | RedHat Importer | Affected by | VCID-m91a-6235-nye9 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json | 38.0.0 |
| 2026-04-01T13:45:48.213097+00:00 | RedHat Importer | Affected by | VCID-7tph-k8q2-bue2 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json | 38.0.0 |
| 2026-04-01T13:45:48.113187+00:00 | RedHat Importer | Affected by | VCID-xhpa-mffz-syfy | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json | 38.0.0 |
| 2026-04-01T13:45:48.007116+00:00 | RedHat Importer | Affected by | VCID-v1xr-z4zu-yfb4 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json | 38.0.0 |