Search for packages
| purl | pkg:rpm/redhat/python3.11-django@4.2.18-1?arch=el9ap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-e87q-1j8h-93hh
Aliases: BIT-django-2024-56374 CVE-2024-56374 GHSA-qcgg-j2x8-h9g8 PYSEC-2025-1 |
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) | There are no reported fixed by versions. |
|
VCID-wwa5-mhgu-9khz
Aliases: CVE-2024-53907 GHSA-8498-2h75-472j |
Django denial-of-service in django.utils.html.strip_tags() An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:43:45.907361+00:00 | RedHat Importer | Affected by | VCID-wwa5-mhgu-9khz | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json | 38.0.0 |
| 2026-04-01T13:43:14.220193+00:00 | RedHat Importer | Affected by | VCID-e87q-1j8h-93hh | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json | 38.0.0 |