{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","type":"deb","namespace":"debian","name":"python-django","version":"1:1.11.29-1~deb10u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3:3.2.25-0+deb12u2","latest_non_vulnerable_version":"3:5.2.14-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5917?format=json","vulnerability_id":"VCID-1v22-g646-wbay","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14235","reference_id":"","reference_type":"","scores":[{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89187","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89179","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89175","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89169","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89156","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89143","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89145","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89148","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89138","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89132","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89112","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.8925","published_at":"2026-05-16T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.8924","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89221","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89211","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89215","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89204","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89098","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89089","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14235"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-v9qg-3j8p-r63v","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v9qg-3j8p-r63v"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14235","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14235"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734422","reference_id":"1734422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734422"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026","reference_id":"934026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1324","reference_id":"RHSA-2020:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4390","reference_id":"RHSA-2020:4390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4390"},{"reference_url":"https://usn.ubuntu.com/4084-1/","reference_id":"USN-4084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4084-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-14235","GHSA-v9qg-3j8p-r63v","PYSEC-2019-14"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v22-g646-wbay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21504?format=json","vulnerability_id":"VCID-28g3-ubx6-ebff","summary":"Django has Inefficient Algorithmic Complexity\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Seokchan Yoon for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1285","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20125","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20187","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20242","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19968","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20047","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20106","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20613","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20551","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20715","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2071","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20628","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20638","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20481","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20587","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20622","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20626","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20742","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20824","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20754","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20761","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20719","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1285","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1285"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914","reference_id":"1126914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436340","reference_id":"2436340","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436340"},{"reference_url":"https://github.com/advisories/GHSA-4rrr-2h4v-f3j9","reference_id":"GHSA-4rrr-2h4v-f3j9","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4rrr-2h4v-f3j9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14835","reference_id":"RHSA-2026:14835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6291","reference_id":"RHSA-2026:6291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6291"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/"}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/8009-1/","reference_id":"USN-8009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8009-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2026-1285","GHSA-4rrr-2h4v-f3j9"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28g3-ubx6-ebff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21364?format=json","vulnerability_id":"VCID-2tfv-rtq7-2fg9","summary":"Django has Observable Timing Discrepancy\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\nThe `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Stackered for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13473","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08755","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0873","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08653","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08729","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08681","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1079","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10648","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10623","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10488","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10506","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10631","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10579","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10578","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10525","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10482","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10619","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10685","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10667","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10709","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10759","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10767","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13473","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13473"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914","reference_id":"1126914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436343","reference_id":"2436343","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436343"},{"reference_url":"https://github.com/advisories/GHSA-2mcm-79hx-8fxw","reference_id":"GHSA-2mcm-79hx-8fxw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mcm-79hx-8fxw"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/"}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/8009-1/","reference_id":"USN-8009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8009-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-13473","GHSA-2mcm-79hx-8fxw"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2tfv-rtq7-2fg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5915?format=json","vulnerability_id":"VCID-2zb9-27sm-3kgh","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14232","reference_id":"","reference_type":"","scores":[{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86685","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86665","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86659","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86646","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86653","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86655","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86725","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.8679","published_at":"2026-05-16T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86789","published_at":"2026-05-15T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.8678","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86748","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86737","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86742","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86707","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86684","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86613","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86594","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86583","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-c4qh-4vgv-qc6g","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4qh-4vgv-qc6g"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml"},{"reference_url":"https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml"},{"reference_url":"https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ"},{"reference_url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14232","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14232"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/10/04/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/10/04/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/04/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/04/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/04/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/04/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734405","reference_id":"1734405","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734405"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026","reference_id":"934026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1324","reference_id":"RHSA-2020:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4390","reference_id":"RHSA-2020:4390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4390"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://usn.ubuntu.com/4084-1/","reference_id":"USN-4084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4084-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-14232","GHSA-c4qh-4vgv-qc6g","PYSEC-2019-11"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zb9-27sm-3kgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10247?format=json","vulnerability_id":"VCID-42x9-8c3c-bug1","summary":"In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's \"Uploading multiple files\" documentation suggested otherwise.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31047.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31047.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31047","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31293","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31327","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31306","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30904","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30987","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31109","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31279","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.3134","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31371","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31425","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31467","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31286","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31331","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38291","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38413","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38391","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38383","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38309","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38283","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38372","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38362","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31047"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/"}],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd"},{"reference_url":"https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64"},{"reference_url":"https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230609-0008","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230609-0008"},{"reference_url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/"}],"url":"https://www.djangoproject.com/weblog/2023/may/03/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035467","reference_id":"1035467","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035467"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2192565","reference_id":"2192565","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2192565"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/","reference_id":"A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31047","reference_id":"CVE-2023-31047","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31047"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/","reference_id":"DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/"},{"reference_url":"https://github.com/advisories/GHSA-r3xc-prgr-mg9p","reference_id":"GHSA-r3xc-prgr-mg9p","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r3xc-prgr-mg9p"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230609-0008/","reference_id":"ntap-20230609-0008","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230609-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4591","reference_id":"RHSA-2023:4591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5931","reference_id":"RHSA-2023:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/6054-1/","reference_id":"USN-6054-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6054-1/"},{"reference_url":"https://usn.ubuntu.com/6054-2/","reference_id":"USN-6054-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6054-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2023-31047","CVE-2023-31047","GHSA-r3xc-prgr-mg9p","PYSEC-2023-61"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42x9-8c3c-bug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11392?format=json","vulnerability_id":"VCID-4ztz-fq98-5fh1","summary":"In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41164","reference_id":"","reference_type":"","scores":[{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61231","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61097","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61045","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61092","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61103","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.6112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61113","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61071","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.6109","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61104","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61067","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61019","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61053","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61025","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61217","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61202","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61143","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61116","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61154","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61095","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e"},{"reference_url":"https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9"},{"reference_url":"https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231214-0002","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231214-0002"},{"reference_url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226","reference_id":"1051226","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2237258","reference_id":"2237258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2237258"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41164","reference_id":"CVE-2023-41164","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41164"},{"reference_url":"https://github.com/advisories/GHSA-7h4p-27mh-hmrw","reference_id":"GHSA-7h4p-27mh-hmrw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h4p-27mh-hmrw"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5208","reference_id":"RHSA-2023:5208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://usn.ubuntu.com/6378-1/","reference_id":"USN-6378-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6378-1/"},{"reference_url":"https://usn.ubuntu.com/6414-2/","reference_id":"USN-6414-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6414-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2023-41164","CVE-2023-41164","GHSA-7h4p-27mh-hmrw","PYSEC-2023-225"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztz-fq98-5fh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7516?format=json","vulnerability_id":"VCID-66w1-4zku-gyfp","summary":"Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45452.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45452","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52593","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52549","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52725","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.5272","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52708","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52606","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52643","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.5262","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52586","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52637","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52632","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52683","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52666","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52597","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52545","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.5263","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52603","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.5264","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52679","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.5265","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52688","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52695","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45452"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-jrh2-hc4r-7jwx","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jrh2-hc4r-7jwx"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1"},{"reference_url":"https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b"},{"reference_url":"https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220121-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113","reference_id":"1003113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2037028","reference_id":"2037028","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2037028"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45452","reference_id":"CVE-2021-45452","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45452"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"},{"reference_url":"https://usn.ubuntu.com/5204-1/","reference_id":"USN-5204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2021-45452","CVE-2021-45452","GHSA-jrh2-hc4r-7jwx","PYSEC-2022-3"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66w1-4zku-gyfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9153?format=json","vulnerability_id":"VCID-6gss-ppm5-3yc9","summary":"An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36359","reference_id":"","reference_type":"","scores":[{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71636","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71656","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71645","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73823","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73951","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73942","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73908","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73916","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73907","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73865","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73873","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73892","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.7387","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73857","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73828","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73852","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74185","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74158","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74164","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74193","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.7417","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74208","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8x94-hmjh-97hq","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8x94-hmjh-97hq"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80"},{"reference_url":"https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3"},{"reference_url":"https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml"},{"reference_url":"https://groups.google.com/g/django-announce/c/8cz--gvaJr4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/django-announce/c/8cz--gvaJr4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36359","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36359"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0008","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220915-0008"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/aug/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2022/aug/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/aug/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/aug/03/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/08/03/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/08/03/1"},{"reference_url":"https://security.archlinux.org/AVG-2810","reference_id":"AVG-2810","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2810"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://usn.ubuntu.com/5549-1/","reference_id":"USN-5549-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5549-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2022-36359","CVE-2022-36359","GHSA-8x94-hmjh-97hq","PYSEC-2022-245"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gss-ppm5-3yc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9688?format=json","vulnerability_id":"VCID-7tca-pgcs-cuhd","summary":"In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41323.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41323.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41323","reference_id":"","reference_type":"","scores":[{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.92031","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.92044","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.92024","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.92019","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.92022","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.92025","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.92011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.9201","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.92007","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.92003","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.91991","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.91985","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07863","scoring_system":"epss","scoring_elements":"0.91977","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09673","scoring_system":"epss","scoring_elements":"0.92958","published_at":"2026-05-09T12:55:00Z"},{"value":"0.09673","scoring_system":"epss","scoring_elements":"0.92969","published_at":"2026-05-12T12:55:00Z"},{"value":"0.09673","scoring_system":"epss","scoring_elements":"0.92991","published_at":"2026-05-16T12:55:00Z"},{"value":"0.09673","scoring_system":"epss","scoring_elements":"0.92997","published_at":"2026-05-15T12:55:00Z"},{"value":"0.09673","scoring_system":"epss","scoring_elements":"0.92961","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/"}],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/23f0093125ac2e553da6c1b2f9988eb6a3dd2ea1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/23f0093125ac2e553da6c1b2f9988eb6a3dd2ea1"},{"reference_url":"https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/"}],"url":"https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924"},{"reference_url":"https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-304.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-304.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41323","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41323"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221124-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221124-0001"},{"reference_url":"https://www.djangoproject.com/weblog/2022/oct/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2022/oct/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/oct/04/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/"}],"url":"https://www.djangoproject.com/weblog/2022/oct/04/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136130","reference_id":"2136130","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136130"},{"reference_url":"https://security.archlinux.org/AVG-2809","reference_id":"AVG-2809","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2809"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/","reference_id":"FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/"},{"reference_url":"https://github.com/advisories/GHSA-qrw5-5h28-6cmg","reference_id":"GHSA-qrw5-5h28-6cmg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qrw5-5h28-6cmg"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/","reference_id":"HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/","reference_id":"LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221124-0001/","reference_id":"ntap-20221124-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221124-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0742","reference_id":"RHSA-2023:0742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://usn.ubuntu.com/5653-1/","reference_id":"USN-5653-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5653-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/","reference_id":"VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/","reference_id":"YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2022-41323","CVE-2022-41323","GHSA-qrw5-5h28-6cmg","PYSEC-2022-304"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tca-pgcs-cuhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13419?format=json","vulnerability_id":"VCID-7tph-k8q2-bue2","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41991","reference_id":"","reference_type":"","scores":[{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.76031","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.76021","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75878","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75815","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75803","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.7577","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75792","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75759","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.76007","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75957","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75943","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75959","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75936","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75906","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75899","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75887","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75855","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75851","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75813","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.7582","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75839","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927"},{"reference_url":"https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41991","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41991"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240905-0007","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240905-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/"}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074","reference_id":"1078074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302435","reference_id":"2302435","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302435"},{"reference_url":"https://github.com/advisories/GHSA-r836-hh6v-rg5g","reference_id":"GHSA-r836-hh6v-rg5g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r836-hh6v-rg5g"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7987","reference_id":"RHSA-2024:7987","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/6946-1/","reference_id":"USN-6946-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6946-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-41991","CVE-2024-41991","GHSA-r836-hh6v-rg5g","PYSEC-2024-69"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tph-k8q2-bue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15097?format=json","vulnerability_id":"VCID-896g-hqec-ryb9","summary":"An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48432","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61584","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6157","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61555","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61502","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61407","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6146","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61439","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61423","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61474","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61512","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61404","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61452","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61457","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61442","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61455","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61471","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61467","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61428","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48432","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48432"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jun/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/jun/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jun/04/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/"}],"url":"https://www.djangoproject.com/weblog/2025/jun/04/security-releases/"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/04/5","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/04/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/10/2","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/10/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/10/3","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/10/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/10/4","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/10/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282","reference_id":"1107282","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370365","reference_id":"2370365","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370365"},{"reference_url":"https://security.archlinux.org/ASA-202506-6","reference_id":"ASA-202506-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202506-6"},{"reference_url":"https://security.archlinux.org/AVG-2894","reference_id":"AVG-2894","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2894"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/","reference_id":"bugfix-releases","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/"}],"url":"https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/"},{"reference_url":"https://github.com/advisories/GHSA-7xr5-9hcq-chf9","reference_id":"GHSA-7xr5-9hcq-chf9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7xr5-9hcq-chf9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14686","reference_id":"RHSA-2025:14686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16487","reference_id":"RHSA-2025:16487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16487"},{"reference_url":"https://usn.ubuntu.com/7555-1/","reference_id":"USN-7555-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7555-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2025-48432","CVE-2025-48432","GHSA-7xr5-9hcq-chf9","PYSEC-2025-47"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5988?format=json","vulnerability_id":"VCID-8jaq-53td-wbeg","summary":"Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)","references":[{"reference_url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19844","reference_id":"","reference_type":"","scores":[{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94403","published_at":"2026-05-16T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94407","published_at":"2026-05-15T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94404","published_at":"2026-05-14T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9432","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9431","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94309","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94298","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9439","published_at":"2026-05-12T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94384","published_at":"2026-05-11T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94377","published_at":"2026-05-09T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94365","published_at":"2026-05-07T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94356","published_at":"2026-05-05T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94353","published_at":"2026-04-26T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94354","published_at":"2026-04-24T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9435","published_at":"2026-04-21T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94351","published_at":"2026-04-29T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94329","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94328","published_at":"2026-04-11T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94324","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26"},{"reference_url":"https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e"},{"reference_url":"https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70"},{"reference_url":"https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19844","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19844"},{"reference_url":"https://seclists.org/bugtraq/2020/Jan/9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2020/Jan/9"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200110-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200110-0003/"},{"reference_url":"https://usn.ubuntu.com/4224-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4224-1"},{"reference_url":"https://usn.ubuntu.com/4224-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4224-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4598","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4598"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788425","reference_id":"1788425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788425"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937","reference_id":"946937","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937"},{"reference_url":"https://security.archlinux.org/AVG-1080","reference_id":"AVG-1080","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1080"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md","reference_id":"CVE-2019-19844","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md"},{"reference_url":"https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/","reference_id":"CVE-2019-19844","reference_type":"exploit","scores":[],"url":"https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/"},{"reference_url":"https://usn.ubuntu.com/6722-1/","reference_id":"USN-6722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6722-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-19844","GHSA-vfq6-hq5r-27r6","PYSEC-2019-16"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jaq-53td-wbeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11405?format=json","vulnerability_id":"VCID-8m4b-y4va-kqgm","summary":"In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43665","reference_id":"","reference_type":"","scores":[{"value":"0.02194","scoring_system":"epss","scoring_elements":"0.84423","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02194","scoring_system":"epss","scoring_elements":"0.844","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02194","scoring_system":"epss","scoring_elements":"0.84404","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86185","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.8603","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86189","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.8617","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86148","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86119","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86099","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86046","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86066","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86076","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86129","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86248","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86237","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473"},{"reference_url":"https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8"},{"reference_url":"https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231221-0001","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231221-0001"},{"reference_url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/04/1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/03/04/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475","reference_id":"1053475","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241046","reference_id":"2241046","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241046"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43665","reference_id":"CVE-2023-43665","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43665"},{"reference_url":"https://github.com/advisories/GHSA-h8gc-pgj2-vjm3","reference_id":"GHSA-h8gc-pgj2-vjm3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h8gc-pgj2-vjm3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6158","reference_id":"RHSA-2023:6158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://usn.ubuntu.com/6414-1/","reference_id":"USN-6414-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6414-1/"},{"reference_url":"https://usn.ubuntu.com/6414-2/","reference_id":"USN-6414-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6414-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2023-43665","CVE-2023-43665","GHSA-h8gc-pgj2-vjm3","PYSEC-2023-226"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8m4b-y4va-kqgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20852?format=json","vulnerability_id":"VCID-8qu1-45n9-gyb1","summary":"Django has an SQL Injection issue\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Solomon Kebede for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1287","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01067","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01079","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01072","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01069","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01527","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01433","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01446","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01534","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01541","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01539","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01549","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01536","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0153","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01523","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01521","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01517","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01529","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1287","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1287"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914","reference_id":"1126914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436339","reference_id":"2436339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436339"},{"reference_url":"https://github.com/advisories/GHSA-gvg8-93h5-g6qq","reference_id":"GHSA-gvg8-93h5-g6qq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvg8-93h5-g6qq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14835","reference_id":"RHSA-2026:14835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3962","reference_id":"RHSA-2026:3962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6291","reference_id":"RHSA-2026:6291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6291"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/"}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/8009-1/","reference_id":"USN-8009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8009-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2026-1287","GHSA-gvg8-93h5-g6qq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qu1-45n9-gyb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12375?format=json","vulnerability_id":"VCID-8xgs-8xjr-cber","summary":"An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24680","reference_id":"","reference_type":"","scores":[{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.8058","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80577","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80573","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80532","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80515","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.8052","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80501","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80478","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80463","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80439","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80413","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.8041","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80408","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80379","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80335","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80355","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80343","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80372","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80386","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80402","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/5.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://docs.djangoproject.com/en/5.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc"},{"reference_url":"https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9"},{"reference_url":"https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2"},{"reference_url":"https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24680","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24680"},{"reference_url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261856","reference_id":"2261856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261856"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/","reference_id":"D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/"},{"reference_url":"https://github.com/advisories/GHSA-xxj9-f6rv-m3x4","reference_id":"GHSA-xxj9-f6rv-m3x4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxj9-f6rv-m3x4"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1057","reference_id":"RHSA-2024:1057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2731","reference_id":"RHSA-2024:2731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5662","reference_id":"RHSA-2024:5662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5662"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/","reference_id":"SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/"},{"reference_url":"https://usn.ubuntu.com/6623-1/","reference_id":"USN-6623-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6623-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/","reference_id":"ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-24680","CVE-2024-24680","GHSA-xxj9-f6rv-m3x4","PYSEC-2024-28"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgs-8xjr-cber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15000?format=json","vulnerability_id":"VCID-9abh-apwm-ebab","summary":"An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32873","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3721","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37188","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3717","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37092","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3712","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.372","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37181","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37114","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3723","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3732","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3734","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37577","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37659","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37613","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37717","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37674","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37647","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37641","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37692","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32873","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32873"},{"reference_url":"https://www.djangoproject.com/weblog/2025/may/07/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/may/07/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/may/07/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/"}],"url":"https://www.djangoproject.com/weblog/2025/may/07/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/05/07/1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/05/07/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872","reference_id":"1104872","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364980","reference_id":"2364980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364980"},{"reference_url":"https://security.archlinux.org/ASA-202505-10","reference_id":"ASA-202505-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202505-10"},{"reference_url":"https://security.archlinux.org/AVG-2876","reference_id":"AVG-2876","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2876"},{"reference_url":"https://github.com/advisories/GHSA-8j24-cjrq-gr2m","reference_id":"GHSA-8j24-cjrq-gr2m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8j24-cjrq-gr2m"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://usn.ubuntu.com/7501-1/","reference_id":"USN-7501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7501-1/"},{"reference_url":"https://usn.ubuntu.com/7501-2/","reference_id":"USN-7501-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7501-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2025-32873","CVE-2025-32873","GHSA-8j24-cjrq-gr2m","PYSEC-2025-37"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9abh-apwm-ebab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6253?format=json","vulnerability_id":"VCID-9k9t-vp1a-z7bt","summary":"In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by \"startapp --template\" and \"startproject --template\") allows directory traversal via an archive with absolute paths or relative paths with dot segments.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3281.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3281.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3281","reference_id":"","reference_type":"","scores":[{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97076","published_at":"2026-04-01T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97115","published_at":"2026-04-18T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97112","published_at":"2026-04-16T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97104","published_at":"2026-04-13T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97102","published_at":"2026-04-12T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97098","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97088","published_at":"2026-04-07T12:55:00Z"},{"value":"0.36231","scoring_system":"epss","scoring_elements":"0.97083","published_at":"2026-04-02T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97428","published_at":"2026-05-07T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97425","published_at":"2026-05-05T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.9742","published_at":"2026-04-29T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97418","published_at":"2026-04-26T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97416","published_at":"2026-04-24T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97415","published_at":"2026-04-21T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97432","published_at":"2026-05-09T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97435","published_at":"2026-05-11T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.9744","published_at":"2026-05-12T12:55:00Z"},{"value":"0.41482","scoring_system":"epss","scoring_elements":"0.97449","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3281"},{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/3.0.12","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.1/releases/3.0.12"},{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.1/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.1/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-fvgf-6h6h-3322","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fvgf-6h6h-3322"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624"},{"reference_url":"https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23"},{"reference_url":"https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37"},{"reference_url":"https://github.com/django/django/commit/52e409ed17287e9aabda847b6afe58be2fa9f86a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/52e409ed17287e9aabda847b6afe58be2fa9f86a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-9.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-9.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3281","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3281"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210226-0004","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210226-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210226-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210226-0004/"},{"reference_url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/feb/01/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1919969","reference_id":"1919969","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1919969"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981562","reference_id":"981562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981562"},{"reference_url":"https://security.archlinux.org/ASA-202102-18","reference_id":"ASA-202102-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-18"},{"reference_url":"https://security.archlinux.org/AVG-1518","reference_id":"AVG-1518","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1518"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0780","reference_id":"RHSA-2021:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0781","reference_id":"RHSA-2021:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3490","reference_id":"RHSA-2021:3490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5070","reference_id":"RHSA-2021:5070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5070"},{"reference_url":"https://usn.ubuntu.com/4715-1/","reference_id":"USN-4715-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4715-1/"},{"reference_url":"https://usn.ubuntu.com/4715-2/","reference_id":"USN-4715-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4715-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2021-3281","CVE-2021-3281","GHSA-fvgf-6h6h-3322","PYSEC-2021-9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9k9t-vp1a-z7bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22234?format=json","vulnerability_id":"VCID-9uzd-mmyv-mfh4","summary":"Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.\nAn issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64459","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49059","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4904","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48966","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48937","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4899","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48963","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.489","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48981","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49025","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49031","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49016","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49066","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68724","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68747","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68774","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68804","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68818","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68776","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.70648","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.7064","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85"},{"reference_url":"https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4"},{"reference_url":"https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b"},{"reference_url":"https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241"},{"reference_url":"https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html"},{"reference_url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139","reference_id":"1120139","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2412651","reference_id":"2412651","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2412651"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py","reference_id":"CVE-2025-64459","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64459","reference_id":"CVE-2025-64459","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64459"},{"reference_url":"https://github.com/advisories/GHSA-frmv-pr5f-9mcr","reference_id":"GHSA-frmv-pr5f-9mcr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-frmv-pr5f-9mcr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23069","reference_id":"RHSA-2025:23069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23070","reference_id":"RHSA-2025:23070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23130","reference_id":"RHSA-2025:23130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23131","reference_id":"RHSA-2025:23131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23133","reference_id":"RHSA-2025:23133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23196","reference_id":"RHSA-2025:23196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1596","reference_id":"RHSA-2026:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1596"},{"reference_url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/"}],"url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7859-1/","reference_id":"USN-7859-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7859-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-64459","GHSA-frmv-pr5f-9mcr"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5919?format=json","vulnerability_id":"VCID-a8zx-jamf-cfcm","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14234","reference_id":"","reference_type":"","scores":[{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95417","published_at":"2026-05-16T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.9541","published_at":"2026-05-14T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.9536","published_at":"2026-04-24T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95359","published_at":"2026-04-21T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95357","published_at":"2026-04-18T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95346","published_at":"2026-04-13T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95344","published_at":"2026-04-12T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95339","published_at":"2026-04-09T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95335","published_at":"2026-04-08T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95328","published_at":"2026-04-07T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95413","published_at":"2026-05-15T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95364","published_at":"2026-04-29T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95363","published_at":"2026-04-26T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95454","published_at":"2026-05-12T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95444","published_at":"2026-05-09T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95436","published_at":"2026-05-07T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.9543","published_at":"2026-05-05T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95382","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95376","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95367","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.9545","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6r97-cj55-9hrq","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r97-cj55-9hrq"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387"},{"reference_url":"https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef"},{"reference_url":"https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14234","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14234"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734417","reference_id":"1734417","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734417"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026","reference_id":"934026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1324","reference_id":"RHSA-2020:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4390","reference_id":"RHSA-2020:4390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4390"},{"reference_url":"https://usn.ubuntu.com/4084-1/","reference_id":"USN-4084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4084-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-14234","GHSA-6r97-cj55-9hrq","PYSEC-2019-13"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8zx-jamf-cfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5976?format=json","vulnerability_id":"VCID-c2kc-1jh1-j3ha","summary":"Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19118.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19118.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19118","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57829","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57822","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57807","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57739","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5771","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57658","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57703","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57725","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57705","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57746","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57769","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57628","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57709","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57735","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57713","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57772","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57743","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57762","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57783","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57767","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57764","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19118"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19118","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19118"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-hvmf-r92r-27hr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hvmf-r92r-27hr"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244"},{"reference_url":"https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-15.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-15.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19118","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19118"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191217-0003","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20191217-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191217-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20191217-0003/"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/02/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/dec/02/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/02/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/12/02/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/12/02/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1781269","reference_id":"1781269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1781269"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946011","reference_id":"946011","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946011"},{"reference_url":"https://security.archlinux.org/AVG-1070","reference_id":"AVG-1070","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1070"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-19118","GHSA-hvmf-r92r-27hr","PYSEC-2019-15"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2kc-1jh1-j3ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21634?format=json","vulnerability_id":"VCID-c6xy-v4sf-u3hn","summary":"Django vulnerable to partial directory traversal via archives\nAn issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the \"startapp --template\" and \"startproject --template\" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59682","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05258","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05433","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05391","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05353","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05198","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05196","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05251","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05204","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05279","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05314","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05234","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05294","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0619","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06176","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06174","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06165","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06163","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06147","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06081","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06247","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0623","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e"},{"reference_url":"https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:10:29Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/01/3","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/01/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979","reference_id":"1116979","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400450","reference_id":"2400450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400450"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59682","reference_id":"CVE-2025-59682","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59682"},{"reference_url":"https://github.com/advisories/GHSA-q95w-c7qg-hrff","reference_id":"GHSA-q95w-c7qg-hrff","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q95w-c7qg-hrff"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18979","reference_id":"RHSA-2025:18979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18984","reference_id":"RHSA-2025:18984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19201","reference_id":"RHSA-2025:19201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19221","reference_id":"RHSA-2025:19221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23196","reference_id":"RHSA-2025:23196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:10:29Z/"}],"url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7794-1/","reference_id":"USN-7794-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7794-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-59682","GHSA-q95w-c7qg-hrff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6xy-v4sf-u3hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6473?format=json","vulnerability_id":"VCID-c8s7-3g9m-d3cw","summary":"In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33571.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33571.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33571","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10044","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10027","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10034","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09973","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09934","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09964","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09899","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09732","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09814","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09855","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09842","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09694","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09741","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09724","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09841","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09857","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09893","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09887","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09834","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09762","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09862","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09812","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33571"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-p99v-5w3c-jqq9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p99v-5w3c-jqq9"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e"},{"reference_url":"https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d"},{"reference_url":"https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-99.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-99.yaml"},{"reference_url":"https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33571","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33571"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210727-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210727-0004"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966253","reference_id":"1966253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966253"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394","reference_id":"989394","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3490","reference_id":"RHSA-2021:3490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5070","reference_id":"RHSA-2021:5070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5070"},{"reference_url":"https://usn.ubuntu.com/4975-1/","reference_id":"USN-4975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4975-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2021-33571","CVE-2021-33571","GHSA-p99v-5w3c-jqq9","PYSEC-2021-99"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8s7-3g9m-d3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12049?format=json","vulnerability_id":"VCID-e2jd-yd4j-kqgt","summary":"Django allows enumeration of user e-mail addresses\nAn issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45231","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46356","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46339","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46267","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46235","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46294","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46273","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46207","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46302","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46354","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46342","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.4636","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46331","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46299","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46351","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46415","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46418","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46361","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.4635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46379","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca"},{"reference_url":"https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2"},{"reference_url":"https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45231","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45231"},{"reference_url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314496","reference_id":"2314496","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314496"},{"reference_url":"https://github.com/advisories/GHSA-rrqc-c2jx-6jgv","reference_id":"GHSA-rrqc-c2jx-6jgv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rrqc-c2jx-6jgv"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://usn.ubuntu.com/6987-1/","reference_id":"USN-6987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6987-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2024-45231","GHSA-rrqc-c2jx-6jgv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14706?format=json","vulnerability_id":"VCID-e87q-1j8h-93hh","summary":"An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56374","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24475","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24496","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24443","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24457","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24512","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24537","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24545","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24532","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24586","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24629","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24612","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24686","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24724","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24567","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24481","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24451","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24372","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24353","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24417","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24355","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24276","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24401","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe"},{"reference_url":"https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e"},{"reference_url":"https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf"},{"reference_url":"https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56374","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56374"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/"}],"url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/01/14/2","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/01/14/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049","reference_id":"1093049","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337996","reference_id":"2337996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337996"},{"reference_url":"https://github.com/advisories/GHSA-qcgg-j2x8-h9g8","reference_id":"GHSA-qcgg-j2x8-h9g8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcgg-j2x8-h9g8"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0722","reference_id":"RHSA-2025:0722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0777","reference_id":"RHSA-2025:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0782","reference_id":"RHSA-2025:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2399","reference_id":"RHSA-2025:2399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4576","reference_id":"RHSA-2025:4576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4576"},{"reference_url":"https://usn.ubuntu.com/7205-1/","reference_id":"USN-7205-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7205-1/"},{"reference_url":"https://usn.ubuntu.com/7205-2/","reference_id":"USN-7205-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7205-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-56374","CVE-2024-56374","GHSA-qcgg-j2x8-h9g8","PYSEC-2025-1"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e87q-1j8h-93hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7754?format=json","vulnerability_id":"VCID-gp5e-nguh-5fdk","summary":"An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23833.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23833.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23833","reference_id":"","reference_type":"","scores":[{"value":"0.0142","scoring_system":"epss","scoring_elements":"0.80783","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0142","scoring_system":"epss","scoring_elements":"0.8078","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0142","scoring_system":"epss","scoring_elements":"0.80777","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0142","scoring_system":"epss","scoring_elements":"0.80734","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87793","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87841","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87844","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.8776","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87754","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87733","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87731","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87718","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87826","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87812","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87797","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.878","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87776","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87777","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87764","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87766","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03594","scoring_system":"epss","scoring_elements":"0.87771","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6cw3-g6wv-c2xv","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6cw3-g6wv-c2xv"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a"},{"reference_url":"https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468"},{"reference_url":"https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220221-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220221-0003"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752","reference_id":"1004752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2048778","reference_id":"2048778","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2048778"},{"reference_url":"https://security.archlinux.org/AVG-2808","reference_id":"AVG-2808","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2808"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23833","reference_id":"CVE-2022-23833","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23833"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8853","reference_id":"RHSA-2022:8853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8872","reference_id":"RHSA-2022:8872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8872"},{"reference_url":"https://usn.ubuntu.com/5269-1/","reference_id":"USN-5269-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5269-1/"},{"reference_url":"https://usn.ubuntu.com/5269-2/","reference_id":"USN-5269-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5269-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2022-23833","CVE-2022-23833","GHSA-6cw3-g6wv-c2xv","PYSEC-2022-20"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gp5e-nguh-5fdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7507?format=json","vulnerability_id":"VCID-hwa2-n7a2-pyg1","summary":"An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45116.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45116","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.5704","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57044","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57093","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57112","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57092","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57161","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57182","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57186","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57158","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57178","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57199","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57187","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57185","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57133","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57157","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57209","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57204","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57188","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57125","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.571","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57152","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57089","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45116"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/"}],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8c5j-9r9f-c6w8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c5j-9r9f-c6w8"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489"},{"reference_url":"https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16"},{"reference_url":"https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220121-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/"}],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113","reference_id":"1003113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2037025","reference_id":"2037025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2037025"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/","reference_id":"B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45116","reference_id":"CVE-2021-45116","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45116"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0005/","reference_id":"ntap-20220121-0005","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220121-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"},{"reference_url":"https://usn.ubuntu.com/5204-1/","reference_id":"USN-5204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2021-45116","CVE-2021-45116","GHSA-8c5j-9r9f-c6w8","PYSEC-2022-2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwa2-n7a2-pyg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6093?format=json","vulnerability_id":"VCID-j4br-4y39-s3gs","summary":"An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13596.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13596.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13596","reference_id":"","reference_type":"","scores":[{"value":"0.00812","scoring_system":"epss","scoring_elements":"0.74415","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00812","scoring_system":"epss","scoring_elements":"0.7443","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00812","scoring_system":"epss","scoring_elements":"0.74421","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7701","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7698","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7699","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7697","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.77032","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.77016","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.77029","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76923","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76896","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76885","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76854","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76836","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76843","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76945","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7694","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76898","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13596"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-2m34-jcjv-45xf","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2m34-jcjv-45xf"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38"},{"reference_url":"https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-32.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-32.yaml"},{"reference_url":"https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13596","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13596"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200611-0002","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200611-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200611-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200611-0002/"},{"reference_url":"https://usn.ubuntu.com/4381-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4381-1"},{"reference_url":"https://usn.ubuntu.com/4381-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-1/"},{"reference_url":"https://usn.ubuntu.com/4381-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4381-2"},{"reference_url":"https://usn.ubuntu.com/4381-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-2/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4705","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4705"},{"reference_url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843625","reference_id":"1843625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843625"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323","reference_id":"962323","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323"},{"reference_url":"https://security.archlinux.org/ASA-202006-8","reference_id":"ASA-202006-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-8"},{"reference_url":"https://security.archlinux.org/AVG-1176","reference_id":"AVG-1176","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1176"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2020-13596","CVE-2020-13596","GHSA-2m34-jcjv-45xf","PYSEC-2020-32"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4br-4y39-s3gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12636?format=json","vulnerability_id":"VCID-jh1e-72hp-fuf4","summary":"In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27351","reference_id":"","reference_type":"","scores":[{"value":"0.01855","scoring_system":"epss","scoring_elements":"0.82977","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85808","published_at":"2026-05-15T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85799","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85599","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85763","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85646","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85809","published_at":"2026-05-16T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85642","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.8565","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85635","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85751","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85755","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85738","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85717","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85701","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85687","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.8567","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85665","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/5.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://docs.djangoproject.com/en/5.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521"},{"reference_url":"https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e"},{"reference_url":"https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27351","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27351"},{"reference_url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/04/1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/04/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266045","reference_id":"2266045","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266045"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/","reference_id":"D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/"},{"reference_url":"https://github.com/advisories/GHSA-vm8q-m57g-pff3","reference_id":"GHSA-vm8q-m57g-pff3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm8q-m57g-pff3"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3781","reference_id":"RHSA-2024:3781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5662","reference_id":"RHSA-2024:5662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4187","reference_id":"RHSA-2025:4187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4187"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/","reference_id":"SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/"},{"reference_url":"https://usn.ubuntu.com/6674-1/","reference_id":"USN-6674-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6674-1/"},{"reference_url":"https://usn.ubuntu.com/6674-2/","reference_id":"USN-6674-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6674-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/","reference_id":"ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-27351","CVE-2024-27351","GHSA-vm8q-m57g-pff3","PYSEC-2024-47"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jh1e-72hp-fuf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5916?format=json","vulnerability_id":"VCID-jtru-9jmz-kkek","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14233.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14233.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14233","reference_id":"","reference_type":"","scores":[{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89145","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.8925","published_at":"2026-05-16T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.8924","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89221","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89211","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89187","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89179","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89175","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89169","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89156","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89143","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89148","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89138","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89132","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89112","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89098","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89089","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89215","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89204","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h5jv-4p7w-64jg","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h5jv-4p7w-64jg"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14233","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14233"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734410","reference_id":"1734410","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734410"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026","reference_id":"934026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1324","reference_id":"RHSA-2020:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4390","reference_id":"RHSA-2020:4390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4390"},{"reference_url":"https://usn.ubuntu.com/4084-1/","reference_id":"USN-4084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4084-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-14233","GHSA-h5jv-4p7w-64jg","PYSEC-2019-12"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtru-9jmz-kkek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6328?format=json","vulnerability_id":"VCID-kypj-ptb9-8qhz","summary":"In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31542.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31542.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31542","reference_id":"","reference_type":"","scores":[{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91476","published_at":"2026-05-16T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91371","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.9138","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91381","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91378","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91364","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91469","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.9146","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.9145","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91452","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91442","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91427","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91412","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91413","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.9133","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91334","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91344","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91352","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91415","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91403","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06886","scoring_system":"epss","scoring_elements":"0.91405","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-rxjp-mfm9-w4wr","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rxjp-mfm9-w4wr"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d"},{"reference_url":"https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48"},{"reference_url":"https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-7.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-7.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31542","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31542"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210618-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210618-0001"},{"reference_url":"https://www.djangoproject.com/weblog/2021/may/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2021/may/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/may/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/may/04/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/04/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/04/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954294","reference_id":"1954294","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954294"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988053","reference_id":"988053","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988053"},{"reference_url":"https://security.archlinux.org/AVG-1910","reference_id":"AVG-1910","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1910"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5070","reference_id":"RHSA-2021:5070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5070"},{"reference_url":"https://usn.ubuntu.com/4932-1/","reference_id":"USN-4932-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4932-1/"},{"reference_url":"https://usn.ubuntu.com/4932-2/","reference_id":"USN-4932-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4932-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2021-31542","CVE-2021-31542","GHSA-rxjp-mfm9-w4wr","PYSEC-2021-7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kypj-ptb9-8qhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13433?format=json","vulnerability_id":"VCID-m91a-6235-nye9","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42005","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55877","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55859","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55799","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55713","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55768","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55848","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55873","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55863","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5586","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55809","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55807","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55793","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55874","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5587","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55834","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55852","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d"},{"reference_url":"https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42005","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240905-0007","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240905-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/"}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074","reference_id":"1078074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302436","reference_id":"2302436","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302436"},{"reference_url":"https://github.com/advisories/GHSA-pv4p-cwwg-4rph","reference_id":"GHSA-pv4p-cwwg-4rph","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pv4p-cwwg-4rph"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/6946-1/","reference_id":"USN-6946-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6946-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-42005","CVE-2024-42005","GHSA-pv4p-cwwg-4rph","PYSEC-2024-70"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m91a-6235-nye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6136?format=json","vulnerability_id":"VCID-mmay-juu6-5ua9","summary":"An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24584.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24584.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24584","reference_id":"","reference_type":"","scores":[{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87158","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87199","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87192","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87172","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87175","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87346","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87345","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87336","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87302","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87287","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87147","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87293","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87273","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87262","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87242","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87239","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87233","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87215","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87221","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87216","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87201","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87205","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0329","scoring_system":"epss","scoring_elements":"0.87211","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24584"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24584","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24584"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-fr28-569j-53c4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fr28-569j-53c4"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71"},{"reference_url":"https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b"},{"reference_url":"https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f"},{"reference_url":"https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-34.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-34.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24584","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24584"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200918-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200918-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200918-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200918-0004/"},{"reference_url":"https://usn.ubuntu.com/4479-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4479-1"},{"reference_url":"https://usn.ubuntu.com/4479-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4479-1/"},{"reference_url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/09/01/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/09/01/2"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1874492","reference_id":"1874492","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1874492"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969367","reference_id":"969367","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969367"},{"reference_url":"https://security.archlinux.org/ASA-202009-4","reference_id":"ASA-202009-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-4"},{"reference_url":"https://security.archlinux.org/AVG-1217","reference_id":"AVG-1217","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1217"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2020-24584","CVE-2020-24584","GHSA-fr28-569j-53c4","PYSEC-2020-34"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mmay-juu6-5ua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22292?format=json","vulnerability_id":"VCID-msge-1mfu-7qfa","summary":"Django has an SQL Injection issue\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Solomon Kebede for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1312","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01069","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01067","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01072","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01079","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01536","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01549","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01517","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01521","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01523","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0153","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01539","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01541","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01534","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01446","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01527","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01433","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01529","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84"},{"reference_url":"https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1312","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1312"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914","reference_id":"1126914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436342","reference_id":"2436342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436342"},{"reference_url":"https://github.com/advisories/GHSA-6426-9fv3-65x8","reference_id":"GHSA-6426-9fv3-65x8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6426-9fv3-65x8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14835","reference_id":"RHSA-2026:14835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3962","reference_id":"RHSA-2026:3962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6291","reference_id":"RHSA-2026:6291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6291"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/"}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/8009-1/","reference_id":"USN-8009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8009-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2026-1312","GHSA-6426-9fv3-65x8"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msge-1mfu-7qfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21625?format=json","vulnerability_id":"VCID-mux4-uv98-hbbw","summary":"Django vulnerable to SQL injection in column aliases\nAn issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59681","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02004","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02008","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02022","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01937","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01935","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01955","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01959","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01991","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01974","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01975","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02702","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02617","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02654","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02653","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0268","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0269","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02923","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02947","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a"},{"reference_url":"https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/01/3","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/01/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979","reference_id":"1116979","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400449","reference_id":"2400449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400449"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59681","reference_id":"CVE-2025-59681","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59681"},{"reference_url":"https://github.com/advisories/GHSA-hpr9-3m2g-3j9p","reference_id":"GHSA-hpr9-3m2g-3j9p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hpr9-3m2g-3j9p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18984","reference_id":"RHSA-2025:18984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23196","reference_id":"RHSA-2025:23196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23196"},{"reference_url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/"}],"url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7794-1/","reference_id":"USN-7794-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7794-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-59681","GHSA-hpr9-3m2g-3j9p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mux4-uv98-hbbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7369?format=json","vulnerability_id":"VCID-mzdk-m12w-q3fc","summary":"In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44420.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44420.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44420","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30501","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.305","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30487","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30421","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30398","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30473","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30464","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30535","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3095","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30919","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30964","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31007","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30973","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30915","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31097","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3105","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30921","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30394","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30618","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30735","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30895","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30929","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44420"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-v6rh-hp5x-86rv","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6rh-hp5x-86rv"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211229-0006","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20211229-0006"},{"reference_url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/dec/07/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/12/07/1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2021/12/07/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2028178","reference_id":"2028178","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2028178"},{"reference_url":"https://security.archlinux.org/AVG-2605","reference_id":"AVG-2605","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2605"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44420","reference_id":"CVE-2021-44420","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44420"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0742","reference_id":"RHSA-2023:0742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0742"},{"reference_url":"https://usn.ubuntu.com/5178-1/","reference_id":"USN-5178-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5178-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2021-44420","CVE-2021-44420","GHSA-v6rh-hp5x-86rv","PYSEC-2021-439"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzdk-m12w-q3fc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9946?format=json","vulnerability_id":"VCID-nese-5485-hkbs","summary":"In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23969.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23969","reference_id":"","reference_type":"","scores":[{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90732","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90869","published_at":"2026-05-16T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.9087","published_at":"2026-05-15T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90864","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90853","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90843","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90846","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90836","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90817","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.908","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90805","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90777","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90754","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90765","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.9078","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90804","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90793","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06091","scoring_system":"epss","scoring_elements":"0.90796","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23969"},{"reference_url":"https://docs.djangoproject.com/en/4.1/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.1/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.1/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/"}],"url":"https://docs.djangoproject.com/en/4.1/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95"},{"reference_url":"https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942"},{"reference_url":"https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230302-0007","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230302-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2023/feb/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2023/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/"}],"url":"https://www.djangoproject.com/weblog/2023/feb/01/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030251","reference_id":"1030251","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030251"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2166457","reference_id":"2166457","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2166457"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23969","reference_id":"CVE-2023-23969","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23969"},{"reference_url":"https://github.com/advisories/GHSA-q2jf-h9jm-m7p4","reference_id":"GHSA-q2jf-h9jm-m7p4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q2jf-h9jm-m7p4"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/","reference_id":"HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/","reference_id":"LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230302-0007/","reference_id":"ntap-20230302-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230302-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2101","reference_id":"RHSA-2023:2101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2101"},{"reference_url":"https://usn.ubuntu.com/5837-1/","reference_id":"USN-5837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5837-1/"},{"reference_url":"https://usn.ubuntu.com/5837-2/","reference_id":"USN-5837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5837-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2023-23969","CVE-2023-23969","GHSA-q2jf-h9jm-m7p4","PYSEC-2023-12"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nese-5485-hkbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8796?format=json","vulnerability_id":"VCID-pa75-6avj-duf7","summary":"An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28346.json","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28346.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28346","reference_id":"","reference_type":"","scores":[{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83571","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83609","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83604","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83597","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83572","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83536","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83541","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83547","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83532","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83522","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83498","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83484","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83736","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83734","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83723","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83688","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83672","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83654","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01971","scoring_system":"epss","scoring_elements":"0.83633","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-2gwj-7jmv-h26r","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2gwj-7jmv-h26r"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48"},{"reference_url":"https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d"},{"reference_url":"https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60"},{"reference_url":"https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220609-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220609-0002"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/11/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/04/11/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677","reference_id":"1009677","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072447","reference_id":"2072447","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072447"},{"reference_url":"https://security.archlinux.org/ASA-202204-9","reference_id":"ASA-202204-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-9"},{"reference_url":"https://security.archlinux.org/AVG-2667","reference_id":"AVG-2667","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2667"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28346","reference_id":"CVE-2022-28346","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28346"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5115","reference_id":"RHSA-2022:5115","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5115"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5602","reference_id":"RHSA-2022:5602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5702","reference_id":"RHSA-2022:5702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5703","reference_id":"RHSA-2022:5703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8872","reference_id":"RHSA-2022:8872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8872"},{"reference_url":"https://usn.ubuntu.com/5373-1/","reference_id":"USN-5373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5373-1/"},{"reference_url":"https://usn.ubuntu.com/5373-2/","reference_id":"USN-5373-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5373-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2022-28346","CVE-2022-28346","GHSA-2gwj-7jmv-h26r","PYSEC-2022-190"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pa75-6avj-duf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13212?format=json","vulnerability_id":"VCID-q12d-kv8p-8ff7","summary":"An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39329","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37652","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37533","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37596","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37615","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37571","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37599","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37632","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37619","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37607","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37555","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37676","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37386","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37276","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37365","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37255","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37234","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37214","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37137","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37165","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37245","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37226","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37158","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b"},{"reference_url":"https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39329","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39329"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240808-0005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240808-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/"}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069","reference_id":"1076069","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295936","reference_id":"2295936","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295936"},{"reference_url":"https://github.com/advisories/GHSA-x7q2-wr7g-xqmf","reference_id":"GHSA-x7q2-wr7g-xqmf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7q2-wr7g-xqmf"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9481","reference_id":"RHSA-2024:9481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9481"},{"reference_url":"https://usn.ubuntu.com/6888-1/","reference_id":"USN-6888-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-1/"},{"reference_url":"https://usn.ubuntu.com/6888-2/","reference_id":"USN-6888-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-39329","CVE-2024-39329","GHSA-x7q2-wr7g-xqmf","PYSEC-2024-57"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q12d-kv8p-8ff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6472?format=json","vulnerability_id":"VCID-qm34-ec8s-tfd7","summary":"Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33203","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55678","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55679","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55664","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55605","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55579","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55489","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.5565","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55671","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55667","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55629","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55646","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55666","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55657","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55654","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55603","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55625","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.556","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55621","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55563","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55516","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55569","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55594","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55577","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90"},{"reference_url":"https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f"},{"reference_url":"https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33203","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33203"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210727-0004","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210727-0004"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966251","reference_id":"1966251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966251"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394","reference_id":"989394","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3490","reference_id":"RHSA-2021:3490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5070","reference_id":"RHSA-2021:5070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5070"},{"reference_url":"https://usn.ubuntu.com/4975-1/","reference_id":"USN-4975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4975-1/"},{"reference_url":"https://usn.ubuntu.com/4975-2/","reference_id":"USN-4975-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4975-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2021-33203","CVE-2021-33203","GHSA-68w8-qjq3-2gfm","PYSEC-2021-98"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm34-ec8s-tfd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9022?format=json","vulnerability_id":"VCID-t6uc-dfrd-jyfg","summary":"An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34265.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34265.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34265","reference_id":"","reference_type":"","scores":[{"value":"0.92834","scoring_system":"epss","scoring_elements":"0.99769","published_at":"2026-05-16T12:55:00Z"},{"value":"0.92834","scoring_system":"epss","scoring_elements":"0.99768","published_at":"2026-05-12T12:55:00Z"},{"value":"0.92834","scoring_system":"epss","scoring_elements":"0.99767","published_at":"2026-05-07T12:55:00Z"},{"value":"0.92834","scoring_system":"epss","scoring_elements":"0.99766","published_at":"2026-04-24T12:55:00Z"},{"value":"0.92834","scoring_system":"epss","scoring_elements":"0.99765","published_at":"2026-04-21T12:55:00Z"},{"value":"0.92834","scoring_system":"epss","scoring_elements":"0.99762","published_at":"2026-04-02T12:55:00Z"},{"value":"0.92834","scoring_system":"epss","scoring_elements":"0.99764","published_at":"2026-04-18T12:55:00Z"},{"value":"0.92834","scoring_system":"epss","scoring_elements":"0.99763","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-p64x-8rxx-wf6q","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p64x-8rxx-wf6q"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492"},{"reference_url":"https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db"},{"reference_url":"https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9"},{"reference_url":"https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34265","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34265"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220818-0006","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220818-0006"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jul/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2022/jul/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jul/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jul/04/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014541","reference_id":"1014541","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014541"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102896","reference_id":"2102896","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102896"},{"reference_url":"https://security.archlinux.org/AVG-2788","reference_id":"AVG-2788","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2788"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5738","reference_id":"RHSA-2022:5738","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8506","reference_id":"RHSA-2022:8506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8506"},{"reference_url":"https://usn.ubuntu.com/5501-1/","reference_id":"USN-5501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5501-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2022-34265","CVE-2022-34265","GHSA-p64x-8rxx-wf6q","PYSEC-2022-213"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t6uc-dfrd-jyfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8807?format=json","vulnerability_id":"VCID-th9v-dk98-3kea","summary":"A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28347.json","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28347.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28347","reference_id":"","reference_type":"","scores":[{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71492","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.7148","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71471","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71415","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71387","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71363","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71424","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71389","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71352","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71366","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71356","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78048","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78043","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78017","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78005","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78081","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78088","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78089","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78054","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78057","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01101","scoring_system":"epss","scoring_elements":"0.78075","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w24h-v9qh-8gxj","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w24h-v9qh-8gxj"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402"},{"reference_url":"https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5"},{"reference_url":"https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81"},{"reference_url":"https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/11/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/04/11/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677","reference_id":"1009677","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072459","reference_id":"2072459","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072459"},{"reference_url":"https://security.archlinux.org/ASA-202204-9","reference_id":"ASA-202204-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-9"},{"reference_url":"https://security.archlinux.org/AVG-2667","reference_id":"AVG-2667","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2667"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28347","reference_id":"CVE-2022-28347","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28347"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5602","reference_id":"RHSA-2022:5602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5702","reference_id":"RHSA-2022:5702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5703","reference_id":"RHSA-2022:5703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5703"},{"reference_url":"https://usn.ubuntu.com/5373-1/","reference_id":"USN-5373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2022-28347","CVE-2022-28347","GHSA-w24h-v9qh-8gxj","PYSEC-2022-191"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-th9v-dk98-3kea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13196?format=json","vulnerability_id":"VCID-u3zk-tff2-aua9","summary":"An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39614","reference_id":"","reference_type":"","scores":[{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91334","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91349","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91339","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91444","published_at":"2026-05-16T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91437","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91428","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91418","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.9142","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91411","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91314","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91395","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91381","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91382","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91321","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91371","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91373","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3"},{"reference_url":"https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39614","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39614"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240808-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240808-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/"}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069","reference_id":"1076069","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295938","reference_id":"2295938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295938"},{"reference_url":"https://github.com/advisories/GHSA-f6f8-9mx6-9mx2","reference_id":"GHSA-f6f8-9mx6-9mx2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f6f8-9mx6-9mx2"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9481","reference_id":"RHSA-2024:9481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/6888-1/","reference_id":"USN-6888-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-1/"},{"reference_url":"https://usn.ubuntu.com/6888-2/","reference_id":"USN-6888-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-39614","CVE-2024-39614","GHSA-f6f8-9mx6-9mx2","PYSEC-2024-59"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u3zk-tff2-aua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6307?format=json","vulnerability_id":"VCID-u7m5-tzv2-c7hn","summary":"In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28658.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28658","reference_id":"","reference_type":"","scores":[{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81237","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81203","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81202","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81165","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81172","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81185","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.8116","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81133","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81134","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81355","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81352","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81348","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81307","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.8129","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81293","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81272","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81253","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81101","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81231","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81224","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01505","scoring_system":"epss","scoring_elements":"0.81201","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28658"},{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.1/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.1/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.1/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xgxc-v2qg-chmh","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xgxc-v2qg-chmh"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-6.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-6.yaml"},{"reference_url":"https://groups.google.com/g/django-announce/c/ePr5j-ngdPU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/django-announce/c/ePr5j-ngdPU"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28658","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28658"},{"reference_url":"https://pypi.org/project/Django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.org/project/Django"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210528-0001","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210528-0001"},{"reference_url":"https://www.djangoproject.com/weblog/2021/apr/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2021/apr/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/apr/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/apr/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986447","reference_id":"986447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986447"},{"reference_url":"https://security.archlinux.org/AVG-1776","reference_id":"AVG-1776","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1776"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5070","reference_id":"RHSA-2021:5070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5070"},{"reference_url":"https://usn.ubuntu.com/4902-1/","reference_id":"USN-4902-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4902-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2021-28658","CVE-2021-28658","GHSA-xgxc-v2qg-chmh","PYSEC-2021-6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7m5-tzv2-c7hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23671?format=json","vulnerability_id":"VCID-ukkt-wgau-t3et","summary":"Django is vulnerable to DoS via XML serializer text extraction\nAn issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.\nAlgorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64460","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17447","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17602","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17638","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17539","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19807","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20708","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20622","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20713","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20704","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22425","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2214","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22147","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22158","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22308","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2236","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22365","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22349","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22405","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22447","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2237","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.225","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b"},{"reference_url":"https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5"},{"reference_url":"https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0"},{"reference_url":"https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788","reference_id":"1121788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418366","reference_id":"2418366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418366"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64460","reference_id":"CVE-2025-64460","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64460"},{"reference_url":"https://github.com/advisories/GHSA-vrcr-9hj9-jcg6","reference_id":"GHSA-vrcr-9hj9-jcg6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrcr-9hj9-jcg6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1249","reference_id":"RHSA-2026:1249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1497","reference_id":"RHSA-2026:1497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1506","reference_id":"RHSA-2026:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1599","reference_id":"RHSA-2026:1599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1609","reference_id":"RHSA-2026:1609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1609"},{"reference_url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/"}],"url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7903-1/","reference_id":"USN-7903-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7903-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-64460","GHSA-vrcr-9hj9-jcg6"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkt-wgau-t3et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7735?format=json","vulnerability_id":"VCID-ume2-wt6y-jye7","summary":"The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22818.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22818.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22818","reference_id":"","reference_type":"","scores":[{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69478","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69492","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69507","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69486","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.6944","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.6942","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69424","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.6947","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77172","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77158","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77151","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77117","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77126","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77125","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77301","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77296","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77281","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77234","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77217","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77229","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77209","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.77179","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-95rw-fx8r-36v6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95rw-fx8r-36v6"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5"},{"reference_url":"https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2"},{"reference_url":"https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220221-0003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220221-0003"},{"reference_url":"https://www.debian.org/security/2022/dsa-5254","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5254"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/feb/01/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752","reference_id":"1004752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2048775","reference_id":"2048775","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2048775"},{"reference_url":"https://security.archlinux.org/AVG-2808","reference_id":"AVG-2808","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2808"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22818","reference_id":"CVE-2022-22818","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22818"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8506","reference_id":"RHSA-2022:8506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8853","reference_id":"RHSA-2022:8853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8872","reference_id":"RHSA-2022:8872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8872"},{"reference_url":"https://usn.ubuntu.com/5269-1/","reference_id":"USN-5269-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5269-1/"},{"reference_url":"https://usn.ubuntu.com/5269-2/","reference_id":"USN-5269-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5269-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2022-22818","CVE-2022-22818","GHSA-95rw-fx8r-36v6","PYSEC-2022-19"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ume2-wt6y-jye7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6137?format=json","vulnerability_id":"VCID-upy5-adtx-n7hg","summary":"An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24583.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24583.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24583","reference_id":"","reference_type":"","scores":[{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87433","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87594","published_at":"2026-05-16T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87595","published_at":"2026-05-15T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87587","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87554","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.8754","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87527","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87513","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.875","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87501","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87494","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87478","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.8748","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87477","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87463","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87466","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87471","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87459","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87453","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87409","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87434","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87419","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24583"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24583","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24583"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m6gj-h9gm-gw44","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6gj-h9gm-gw44"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-33.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-33.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24583","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24583"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200918-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200918-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200918-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200918-0004/"},{"reference_url":"https://usn.ubuntu.com/4479-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4479-1"},{"reference_url":"https://usn.ubuntu.com/4479-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4479-1/"},{"reference_url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/sep/01/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/09/01/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/09/01/2"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1874485","reference_id":"1874485","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1874485"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969367","reference_id":"969367","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969367"},{"reference_url":"https://security.archlinux.org/ASA-202009-4","reference_id":"ASA-202009-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-4"},{"reference_url":"https://security.archlinux.org/AVG-1217","reference_id":"AVG-1217","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1217"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2020-24583","CVE-2020-24583","GHSA-m6gj-h9gm-gw44","PYSEC-2020-33"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upy5-adtx-n7hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13427?format=json","vulnerability_id":"VCID-v1xr-z4zu-yfb4","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41989","reference_id":"","reference_type":"","scores":[{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80529","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80526","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80327","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80316","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80521","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.8048","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80463","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80468","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80449","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80427","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80411","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80394","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80387","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80356","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80331","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8"},{"reference_url":"https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41989","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41989"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240905-0007","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240905-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/"}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074","reference_id":"1078074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302433","reference_id":"2302433","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302433"},{"reference_url":"https://github.com/advisories/GHSA-jh75-99hh-qvx9","reference_id":"GHSA-jh75-99hh-qvx9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh75-99hh-qvx9"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8534","reference_id":"RHSA-2024:8534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/6946-1/","reference_id":"USN-6946-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6946-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-41989","CVE-2024-41989","GHSA-jh75-99hh-qvx9","PYSEC-2024-67"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1xr-z4zu-yfb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6329?format=json","vulnerability_id":"VCID-v4ad-xxy8-wfc9","summary":"In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32052.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32052","reference_id":"","reference_type":"","scores":[{"value":"0.01859","scoring_system":"epss","scoring_elements":"0.83252","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01859","scoring_system":"epss","scoring_elements":"0.83144","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01859","scoring_system":"epss","scoring_elements":"0.83251","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01859","scoring_system":"epss","scoring_elements":"0.83166","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01859","scoring_system":"epss","scoring_elements":"0.83239","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01859","scoring_system":"epss","scoring_elements":"0.83187","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01859","scoring_system":"epss","scoring_elements":"0.83204","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85473","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85601","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.8559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85573","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85568","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85544","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85548","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.8555","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85535","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85526","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85506","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85502","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02571","scoring_system":"epss","scoring_elements":"0.85602","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32052"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944801","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32052"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qm57-vhq3-3fwf","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm57-vhq3-3fwf"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-8.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-8.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32052","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32052"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210611-0002","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210611-0002"},{"reference_url":"https://www.djangoproject.com/weblog/2021/may/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2021/may/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/may/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/may/06/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/06/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/05/06/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957455","reference_id":"1957455","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1957455"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988136","reference_id":"988136","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988136"},{"reference_url":"https://security.archlinux.org/AVG-1924","reference_id":"AVG-1924","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1924"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://usn.ubuntu.com/4975-1/","reference_id":"USN-4975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4975-1/"},{"reference_url":"https://usn.ubuntu.com/5373-1/","reference_id":"USN-5373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5373-1/"},{"reference_url":"https://usn.ubuntu.com/5373-2/","reference_id":"USN-5373-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5373-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2021-32052","CVE-2021-32052","GHSA-qm57-vhq3-3fwf","PYSEC-2021-8"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4ad-xxy8-wfc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6028?format=json","vulnerability_id":"VCID-w2dv-u8h6-sbgs","summary":"Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7471","reference_id":"","reference_type":"","scores":[{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92778","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92796","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92786","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.9279","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92785","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.929","published_at":"2026-05-15T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92894","published_at":"2026-05-16T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92868","published_at":"2026-05-12T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92862","published_at":"2026-05-11T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92858","published_at":"2026-05-09T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92846","published_at":"2026-05-07T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92832","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92823","published_at":"2026-04-29T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92827","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92819","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92815","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92814","published_at":"2026-04-16T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92804","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92805","published_at":"2026-04-11T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.928","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-hmr4-m2h5-33qx","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmr4-m2h5-33qx"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd"},{"reference_url":"https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b"},{"reference_url":"https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147"},{"reference_url":"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7471","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7471"},{"reference_url":"https://seclists.org/bugtraq/2020/Feb/30","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2020/Feb/30"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200221-0006","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200221-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200221-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200221-0006/"},{"reference_url":"https://usn.ubuntu.com/4264-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4264-1"},{"reference_url":"https://usn.ubuntu.com/4264-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4264-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4629","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4629"},{"reference_url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/02/03/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/02/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/02/03/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/02/03/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798515","reference_id":"1798515","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798515"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581","reference_id":"950581","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581"},{"reference_url":"https://security.archlinux.org/ASA-202002-1","reference_id":"ASA-202002-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202002-1"},{"reference_url":"https://security.archlinux.org/AVG-1091","reference_id":"AVG-1091","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1091"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2020-7471","CVE-2020-7471","GHSA-hmr4-m2h5-33qx","PYSEC-2020-35"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2dv-u8h6-sbgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25634?format=json","vulnerability_id":"VCID-w4pr-k5nj-ckgy","summary":"Django is subject to SQL injection through its column aliases\nAn issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57833","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05603","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05593","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05586","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05535","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05549","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05867","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0579","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05784","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05777","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05706","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0574","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05834","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05868","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05828","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05798","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06527","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06549","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0656","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06504","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06514","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06544","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5"},{"reference_url":"https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92"},{"reference_url":"https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html"},{"reference_url":"https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/"}],"url":"https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57833","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57833"},{"reference_url":"https://www.djangoproject.com/weblog/2025/sep/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/sep/03/security-releases"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/09/03/3","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/09/03/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865","reference_id":"1113865","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392990","reference_id":"2392990","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392990"},{"reference_url":"https://github.com/advisories/GHSA-6w2r-r2m5-xq5w","reference_id":"GHSA-6w2r-r2m5-xq5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6w2r-r2m5-xq5w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16403","reference_id":"RHSA-2025:16403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16404","reference_id":"RHSA-2025:16404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16487","reference_id":"RHSA-2025:16487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16514","reference_id":"RHSA-2025:16514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17498","reference_id":"RHSA-2025:17498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17499","reference_id":"RHSA-2025:17499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17500","reference_id":"RHSA-2025:17500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17606","reference_id":"RHSA-2025:17606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17613","reference_id":"RHSA-2025:17613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17614","reference_id":"RHSA-2025:17614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17614"},{"reference_url":"https://www.djangoproject.com/weblog/2025/sep/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/"}],"url":"https://www.djangoproject.com/weblog/2025/sep/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7736-1/","reference_id":"USN-7736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7736-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-57833","GHSA-6w2r-r2m5-xq5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36442?format=json","vulnerability_id":"VCID-w6k8-js68-87g4","summary":"Multiple vulnerabilities have been found in Python, the worst of\n    which might allow attackers to access sensitive information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23336.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23336.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23336","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53446","published_at":"2026-05-16T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53442","published_at":"2026-05-15T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53276","published_at":"2026-04-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53375","published_at":"2026-05-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53322","published_at":"2026-05-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53273","published_at":"2026-05-05T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53385","published_at":"2026-04-18T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53379","published_at":"2026-04-16T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53342","published_at":"2026-04-13T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53358","published_at":"2026-04-12T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53374","published_at":"2026-04-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53323","published_at":"2026-04-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53329","published_at":"2026-04-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53431","published_at":"2026-05-14T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53361","published_at":"2026-05-12T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53336","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54358","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54271","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54311","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54336","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54301","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54251","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00311","scoring_system":"epss","scoring_elements":"0.54321","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23336"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928904","reference_id":"1928904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928904"},{"reference_url":"https://github.com/python/cpython/pull/24297","reference_id":"24297","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://github.com/python/cpython/pull/24297"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/","reference_id":"3EPYWWFDV22CJ5AOH5VCE72DOASZZ255","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/","reference_id":"3YKKDLXL3UEZ3J426C2XTBS63AHE46SM","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/02/19/4","reference_id":"4","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/02/19/4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/","reference_id":"46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983090","reference_id":"983090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983090"},{"reference_url":"https://security.archlinux.org/ASA-202102-28","reference_id":"ASA-202102-28","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-28"},{"reference_url":"https://security.archlinux.org/ASA-202102-37","reference_id":"ASA-202102-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-37"},{"reference_url":"https://security.archlinux.org/AVG-1465","reference_id":"AVG-1465","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1465"},{"reference_url":"https://security.archlinux.org/AVG-1593","reference_id":"AVG-1593","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1593"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23336","reference_id":"CVE-2021-23336","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23336"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/","reference_id":"FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/"},{"reference_url":"https://security.gentoo.org/glsa/202104-04","reference_id":"GLSA-202104-04","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://security.gentoo.org/glsa/202104-04"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/","reference_id":"HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/","reference_id":"HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/","reference_id":"IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/","reference_id":"KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/","reference_id":"LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/","reference_id":"MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/","reference_id":"MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html","reference_id":"msg00030.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/","reference_id":"N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/","reference_id":"NJSCSN722JO2E2AGPWD4NTGVELVRPB4R","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/","reference_id":"NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210326-0004/","reference_id":"ntap-20210326-0004","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210326-0004/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/","reference_id":"OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/"},{"reference_url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E","reference_id":"rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1633","reference_id":"RHSA-2021:1633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3252","reference_id":"RHSA-2021:3252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4151","reference_id":"RHSA-2021:4151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4162","reference_id":"RHSA-2021:4162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4162"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/","reference_id":"RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/","reference_id":"SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/"},{"reference_url":"https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933","reference_id":"SNYK-UPSTREAM-PYTHONCPYTHON-1074933","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/","reference_id":"TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/"},{"reference_url":"https://usn.ubuntu.com/4742-1/","reference_id":"USN-4742-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4742-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/","reference_id":"W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2021-23336"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6k8-js68-87g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6041?format=json","vulnerability_id":"VCID-wb34-g6xq-rkfx","summary":"Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9402.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9402","reference_id":"","reference_type":"","scores":[{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99381","published_at":"2026-05-16T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.9938","published_at":"2026-05-12T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99378","published_at":"2026-05-11T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99376","published_at":"2026-05-07T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99375","published_at":"2026-05-05T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99374","published_at":"2026-04-29T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99372","published_at":"2026-04-21T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99373","published_at":"2026-04-18T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99366","published_at":"2026-04-04T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99364","published_at":"2026-04-02T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99371","published_at":"2026-04-13T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.9937","published_at":"2026-04-11T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99369","published_at":"2026-04-08T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99368","published_at":"2026-04-07T12:55:00Z"},{"value":"0.85514","scoring_system":"epss","scoring_elements":"0.99363","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3gh2-xw74-jmcw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gh2-xw74-jmcw"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/6695d29b1c1ce979725816295a26ecc64ae0e927","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6695d29b1c1ce979725816295a26ecc64ae0e927"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-36.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-36.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9402","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9402"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200327-0004","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200327-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200327-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200327-0004/"},{"reference_url":"https://usn.ubuntu.com/4296-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4296-1"},{"reference_url":"https://usn.ubuntu.com/4296-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4296-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4705","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4705"},{"reference_url":"https://www.djangoproject.com/weblog/2020/mar/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2020/mar/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/mar/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/mar/04/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1810088","reference_id":"1810088","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1810088"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953102","reference_id":"953102","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953102"},{"reference_url":"https://security.archlinux.org/ASA-202003-5","reference_id":"ASA-202003-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202003-5"},{"reference_url":"https://security.archlinux.org/AVG-1111","reference_id":"AVG-1111","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2020-9402","CVE-2020-9402","GHSA-3gh2-xw74-jmcw","PYSEC-2020-36"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wb34-g6xq-rkfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6094?format=json","vulnerability_id":"VCID-wkrc-62bd-bbgx","summary":"An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13254.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13254","reference_id":"","reference_type":"","scores":[{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92542","published_at":"2026-05-16T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92548","published_at":"2026-05-15T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92541","published_at":"2026-05-14T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92516","published_at":"2026-05-12T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.9251","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92506","published_at":"2026-05-09T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92495","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92485","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92479","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92478","published_at":"2026-04-24T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92438","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92463","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.9245","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92421","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92436","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92475","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92462","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-wpjr-j57x-wxfw","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpjr-j57x-wxfw"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206"},{"reference_url":"https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-31.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-31.yaml"},{"reference_url":"https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13254","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13254"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200611-0002","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200611-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200611-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200611-0002/"},{"reference_url":"https://usn.ubuntu.com/4381-1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4381-1"},{"reference_url":"https://usn.ubuntu.com/4381-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-1/"},{"reference_url":"https://usn.ubuntu.com/4381-2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4381-2"},{"reference_url":"https://usn.ubuntu.com/4381-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-2/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4705","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4705"},{"reference_url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843614","reference_id":"1843614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843614"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323","reference_id":"962323","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323"},{"reference_url":"https://security.archlinux.org/ASA-202006-8","reference_id":"ASA-202006-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-8"},{"reference_url":"https://security.archlinux.org/AVG-1176","reference_id":"AVG-1176","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0915","reference_id":"RHSA-2021:0915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0933","reference_id":"RHSA-2021:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0933"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2020-13254","CVE-2020-13254","GHSA-wpjr-j57x-wxfw","PYSEC-2020-31"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkrc-62bd-bbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14665?format=json","vulnerability_id":"VCID-wwa5-mhgu-9khz","summary":"Django denial-of-service in django.utils.html.strip_tags()\nAn issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53907","reference_id":"","reference_type":"","scores":[{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77628","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77622","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77608","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.7756","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77483","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77371","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.7739","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77541","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77553","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.7753","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77503","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77496","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77364","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77442","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.7745","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77452","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77412","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77416","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77436","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.7741","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.774","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53907","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53907"},{"reference_url":"https://www.djangoproject.com/weblog/2024/dec/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/dec/04/security-releases"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/12/04/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/12/04/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329288","reference_id":"2329288","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329288"},{"reference_url":"https://github.com/advisories/GHSA-8498-2h75-472j","reference_id":"GHSA-8498-2h75-472j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8498-2h75-472j"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11144","reference_id":"RHSA-2024:11144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11146","reference_id":"RHSA-2024:11146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0340","reference_id":"RHSA-2025:0340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0777","reference_id":"RHSA-2025:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0777"},{"reference_url":"https://usn.ubuntu.com/7136-1/","reference_id":"USN-7136-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7136-1/"},{"reference_url":"https://usn.ubuntu.com/7136-2/","reference_id":"USN-7136-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7136-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2024-53907","GHSA-8498-2h75-472j"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwa5-mhgu-9khz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10557?format=json","vulnerability_id":"VCID-wz1q-1tjp-4qhw","summary":"In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36053","reference_id":"","reference_type":"","scores":[{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92891","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92886","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92884","published_at":"2026-04-16T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92875","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92936","published_at":"2026-05-12T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92928","published_at":"2026-05-11T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.9287","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92965","published_at":"2026-05-15T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92857","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92866","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92959","published_at":"2026-05-16T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92859","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09595","scoring_system":"epss","scoring_elements":"0.92925","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.93","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.93018","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.93002","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92996","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.93001","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36053"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/"}],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582"},{"reference_url":"https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd"},{"reference_url":"https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9"},{"reference_url":"https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://www.debian.org/security/2023/dsa-5465","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/"}],"url":"https://www.debian.org/security/2023/dsa-5465"},{"reference_url":"https://www.djangoproject.com/weblog/2023/jul/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2023/jul/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/jul/03/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/"}],"url":"https://www.djangoproject.com/weblog/2023/jul/03/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040225","reference_id":"1040225","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040225"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218004","reference_id":"2218004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218004"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36053","reference_id":"CVE-2023-36053","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36053"},{"reference_url":"https://github.com/advisories/GHSA-jh3w-4vvf-mjgr","reference_id":"GHSA-jh3w-4vvf-mjgr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh3w-4vvf-mjgr"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/","reference_id":"NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4692","reference_id":"RHSA-2023:4692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4693","reference_id":"RHSA-2023:4693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5931","reference_id":"RHSA-2023:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0212","reference_id":"RHSA-2024:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://usn.ubuntu.com/6203-1/","reference_id":"USN-6203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6203-1/"},{"reference_url":"https://usn.ubuntu.com/6203-2/","reference_id":"USN-6203-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6203-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/","reference_id":"XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/","reference_id":"ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2023-36053","CVE-2023-36053","GHSA-jh3w-4vvf-mjgr","PYSEC-2023-100"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wz1q-1tjp-4qhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14834?format=json","vulnerability_id":"VCID-xgv1-s2ek-q3dp","summary":"An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26699","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52216","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52212","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52205","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52125","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.521","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.5214","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52098","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52047","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52102","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52138","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52132","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52203","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52199","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81624","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81646","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81643","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.8167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81675","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81695","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81682","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81676","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-26699","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-26699"},{"reference_url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/"}],"url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/03/06/12","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/03/06/12"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682","reference_id":"1099682","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348993","reference_id":"2348993","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348993"},{"reference_url":"https://github.com/advisories/GHSA-p3fp-8748-vqfq","reference_id":"GHSA-p3fp-8748-vqfq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p3fp-8748-vqfq"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3160","reference_id":"RHSA-2025:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3162","reference_id":"RHSA-2025:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3709","reference_id":"RHSA-2025:3709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4553","reference_id":"RHSA-2025:4553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8609","reference_id":"RHSA-2025:8609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8609"},{"reference_url":"https://usn.ubuntu.com/7335-1/","reference_id":"USN-7335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7335-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2025-26699","CVE-2025-26699","GHSA-p3fp-8748-vqfq","PYSEC-2025-13"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv1-s2ek-q3dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9963?format=json","vulnerability_id":"VCID-ypub-ukuh-p3aw","summary":"An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24580.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24580.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24580","reference_id":"","reference_type":"","scores":[{"value":"0.22718","scoring_system":"epss","scoring_elements":"0.95913","published_at":"2026-05-12T12:55:00Z"},{"value":"0.22718","scoring_system":"epss","scoring_elements":"0.95908","published_at":"2026-05-11T12:55:00Z"},{"value":"0.22718","scoring_system":"epss","scoring_elements":"0.959","published_at":"2026-05-07T12:55:00Z"},{"value":"0.22718","scoring_system":"epss","scoring_elements":"0.95898","published_at":"2026-05-05T12:55:00Z"},{"value":"0.22718","scoring_system":"epss","scoring_elements":"0.95886","published_at":"2026-04-29T12:55:00Z"},{"value":"0.22718","scoring_system":"epss","scoring_elements":"0.95905","published_at":"2026-05-09T12:55:00Z"},{"value":"0.22718","scoring_system":"epss","scoring_elements":"0.95929","published_at":"2026-05-16T12:55:00Z"},{"value":"0.22718","scoring_system":"epss","scoring_elements":"0.95926","published_at":"2026-05-14T12:55:00Z"},{"value":"0.22718","scoring_system":"epss","scoring_elements":"0.95927","published_at":"2026-05-15T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96226","published_at":"2026-04-21T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96213","published_at":"2026-04-13T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96222","published_at":"2026-04-16T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96184","published_at":"2026-04-02T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96191","published_at":"2026-04-04T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96195","published_at":"2026-04-07T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96205","published_at":"2026-04-08T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96208","published_at":"2026-04-09T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96212","published_at":"2026-04-11T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96211","published_at":"2026-04-12T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96228","published_at":"2026-04-26T12:55:00Z"},{"value":"0.25408","scoring_system":"epss","scoring_elements":"0.96227","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-24580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24580","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24580"},{"reference_url":"https://docs.djangoproject.com/en/4.1/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.1/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.1/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"https://docs.djangoproject.com/en/4.1/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92"},{"reference_url":"https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432"},{"reference_url":"https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230316-0006"},{"reference_url":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/02/14/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/02/14/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031290","reference_id":"1031290","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031290"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2169402","reference_id":"2169402","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2169402"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24580","reference_id":"CVE-2023-24580","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24580"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/","reference_id":"FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/"},{"reference_url":"https://github.com/advisories/GHSA-2hrw-hx67-34x6","reference_id":"GHSA-2hrw-hx67-34x6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2hrw-hx67-34x6"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/","reference_id":"HWY6DQWRVBALV73BPUVBXC3QIYUM24IK","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/","reference_id":"LTZVAKU5ALQWOKFTPISE257VCVIYGFQI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0006/","reference_id":"ntap-20230316-0006","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230316-0006/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2101","reference_id":"RHSA-2023:2101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4692","reference_id":"RHSA-2023:4692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4692"},{"reference_url":"https://usn.ubuntu.com/5868-1/","reference_id":"USN-5868-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5868-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/","reference_id":"VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/","reference_id":"YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2023-24580","CVE-2023-24580","GHSA-2hrw-hx67-34x6","PYSEC-2023-13"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypub-ukuh-p3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20914?format=json","vulnerability_id":"VCID-ysyp-h7ja-yff3","summary":"Django has an SQL Injection issue\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\nRaster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Tarek Nakkouch for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1207","reference_id":"","reference_type":"","scores":[{"value":"0.03841","scoring_system":"epss","scoring_elements":"0.88188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03841","scoring_system":"epss","scoring_elements":"0.88178","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03841","scoring_system":"epss","scoring_elements":"0.88172","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03841","scoring_system":"epss","scoring_elements":"0.88153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03841","scoring_system":"epss","scoring_elements":"0.88146","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89035","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89037","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.8907","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89068","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89061","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89043","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89048","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05126","scoring_system":"epss","scoring_elements":"0.8982","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05295","scoring_system":"epss","scoring_elements":"0.90118","published_at":"2026-05-16T12:55:00Z"},{"value":"0.05295","scoring_system":"epss","scoring_elements":"0.90061","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05295","scoring_system":"epss","scoring_elements":"0.90076","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05295","scoring_system":"epss","scoring_elements":"0.90088","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05295","scoring_system":"epss","scoring_elements":"0.90084","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05295","scoring_system":"epss","scoring_elements":"0.90093","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05295","scoring_system":"epss","scoring_elements":"0.90107","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05295","scoring_system":"epss","scoring_elements":"0.90115","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1207","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1207"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914","reference_id":"1126914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436338","reference_id":"2436338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436338"},{"reference_url":"https://github.com/advisories/GHSA-mwm9-4648-f68q","reference_id":"GHSA-mwm9-4648-f68q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwm9-4648-f68q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14835","reference_id":"RHSA-2026:14835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3962","reference_id":"RHSA-2026:3962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6291","reference_id":"RHSA-2026:6291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6291"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/"}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/8009-1/","reference_id":"USN-8009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8009-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2026-1207","GHSA-mwm9-4648-f68q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ysyp-h7ja-yff3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13205?format=json","vulnerability_id":"VCID-z27q-zfpz-ckby","summary":"An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39330","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40145","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4012","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40108","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40041","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40017","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40113","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40096","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40028","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40168","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40248","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40261","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4037","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40448","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40486","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40465","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40402","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4048","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40454","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40445","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40476","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40429","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e"},{"reference_url":"https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39330","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39330"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240808-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240808-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/"}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069","reference_id":"1076069","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295937","reference_id":"2295937","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295937"},{"reference_url":"https://github.com/advisories/GHSA-9jmf-237g-qf46","reference_id":"GHSA-9jmf-237g-qf46","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9jmf-237g-qf46"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9481","reference_id":"RHSA-2024:9481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9481"},{"reference_url":"https://usn.ubuntu.com/6888-1/","reference_id":"USN-6888-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-1/"},{"reference_url":"https://usn.ubuntu.com/6888-2/","reference_id":"USN-6888-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-39330","CVE-2024-39330","GHSA-9jmf-237g-qf46","PYSEC-2024-58"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z27q-zfpz-ckby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7526?format=json","vulnerability_id":"VCID-z8z1-cjee-kfeg","summary":"An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45115.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45115","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62629","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62614","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62604","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62551","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62525","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62572","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62475","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62459","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62411","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62444","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62413","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62355","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62516","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62468","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62519","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62522","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62512","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62506","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62461","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62483","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62494","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45115"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-53qw-q765-4fww","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-53qw-q765-4fww"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277"},{"reference_url":"https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20"},{"reference_url":"https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220121-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113","reference_id":"1003113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2037024","reference_id":"2037024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2037024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45115","reference_id":"CVE-2021-45115","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45115"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"},{"reference_url":"https://usn.ubuntu.com/5204-1/","reference_id":"USN-5204-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5204-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2021-45115","CVE-2021-45115","GHSA-53qw-q765-4fww","PYSEC-2022-1"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8z1-cjee-kfeg"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5767?format=json","vulnerability_id":"VCID-1fs3-2msx-9kev","summary":"django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0265","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0265"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14574.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14574.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14574","reference_id":"","reference_type":"","scores":[{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91782","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91855","published_at":"2026-05-16T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91741","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.9175","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91755","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91763","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91796","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91803","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91783","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91788","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91785","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07477","scoring_system":"epss","scoring_elements":"0.91775","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08578","scoring_system":"epss","scoring_elements":"0.92428","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08578","scoring_system":"epss","scoring_elements":"0.92425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08578","scoring_system":"epss","scoring_elements":"0.92433","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08578","scoring_system":"epss","scoring_elements":"0.92423","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08578","scoring_system":"epss","scoring_elements":"0.92463","published_at":"2026-05-12T12:55:00Z"},{"value":"0.08578","scoring_system":"epss","scoring_elements":"0.92457","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08578","scoring_system":"epss","scoring_elements":"0.92453","published_at":"2026-05-09T12:55:00Z"},{"value":"0.08578","scoring_system":"epss","scoring_elements":"0.92443","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08578","scoring_system":"epss","scoring_elements":"0.92484","published_at":"2026-05-14T12:55:00Z"},{"value":"0.08578","scoring_system":"epss","scoring_elements":"0.92491","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-5hg3-6c2f-f3wr","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5hg3-6c2f-f3wr"},{"reference_url":"https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525"},{"reference_url":"https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c"},{"reference_url":"https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml"},{"reference_url":"https://usn.ubuntu.com/3726-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3726-1"},{"reference_url":"https://usn.ubuntu.com/3726-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3726-1/"},{"reference_url":"https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403"},{"reference_url":"https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970"},{"reference_url":"https://www.debian.org/security/2018/dsa-4264","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4264"},{"reference_url":"https://www.djangoproject.com/weblog/2018/aug/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2018/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2018/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2018/aug/01/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/104970","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104970"},{"reference_url":"http://www.securitytracker.com/id/1041403","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041403"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1609031","reference_id":"1609031","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1609031"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905216","reference_id":"905216","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905216"},{"reference_url":"https://security.archlinux.org/ASA-201808-1","reference_id":"ASA-201808-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201808-1"},{"reference_url":"https://security.archlinux.org/AVG-743","reference_id":"AVG-743","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-743"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14574","reference_id":"CVE-2018-14574","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}],"aliases":["CVE-2018-14574","GHSA-5hg3-6c2f-f3wr","PYSEC-2018-2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fs3-2msx-9kev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5917?format=json","vulnerability_id":"VCID-1v22-g646-wbay","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14235","reference_id":"","reference_type":"","scores":[{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89187","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89179","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89175","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89169","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89156","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89143","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89145","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89148","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89138","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89132","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89112","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.8925","published_at":"2026-05-16T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.8924","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89221","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89211","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89215","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89204","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89098","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89089","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14235"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-v9qg-3j8p-r63v","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v9qg-3j8p-r63v"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14235","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14235"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734422","reference_id":"1734422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734422"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026","reference_id":"934026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1324","reference_id":"RHSA-2020:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4390","reference_id":"RHSA-2020:4390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4390"},{"reference_url":"https://usn.ubuntu.com/4084-1/","reference_id":"USN-4084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4084-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-14235","GHSA-v9qg-3j8p-r63v","PYSEC-2019-14"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v22-g646-wbay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5687?format=json","vulnerability_id":"VCID-27wt-wmzc-1bc2","summary":"django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6188.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6188.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6188","reference_id":"","reference_type":"","scores":[{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76578","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.7657","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76555","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76505","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.7649","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76502","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76482","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76454","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76467","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76324","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.7641","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76384","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76371","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76338","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76358","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76327","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76453","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76447","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76413","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76429","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76423","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76383","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76388","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6188"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6188","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6188"},{"reference_url":"https://github.com/advisories/GHSA-rf4j-j272-fj86","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rf4j-j272-fj86"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/57b95fedad5e0b83fc9c81466b7d1751c6427aae","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/57b95fedad5e0b83fc9c81466b7d1751c6427aae"},{"reference_url":"https://github.com/django/django/commit/c37bb28677295f6edda61d8ac461014ef0d3aeb2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c37bb28677295f6edda61d8ac461014ef0d3aeb2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-4.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-4.yaml"},{"reference_url":"https://usn.ubuntu.com/3559-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3559-1"},{"reference_url":"https://usn.ubuntu.com/3559-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3559-1/"},{"reference_url":"https://web.archive.org/web/20200517143909/http://www.securitytracker.com/id/1040422","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200517143909/http://www.securitytracker.com/id/1040422"},{"reference_url":"https://www.djangoproject.com/weblog/2018/feb/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2018/feb/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2018/feb/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"},{"reference_url":"http://www.securitytracker.com/id/1040422","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040422"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1538793","reference_id":"1538793","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1538793"},{"reference_url":"https://security.archlinux.org/AVG-624","reference_id":"AVG-624","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-624"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6188","reference_id":"CVE-2018-6188","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6188"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}],"aliases":["CVE-2018-6188","GHSA-rf4j-j272-fj86","PYSEC-2018-4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27wt-wmzc-1bc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5915?format=json","vulnerability_id":"VCID-2zb9-27sm-3kgh","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14232","reference_id":"","reference_type":"","scores":[{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86685","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86665","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86659","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86646","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86653","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86655","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86725","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.8679","published_at":"2026-05-16T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86789","published_at":"2026-05-15T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.8678","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86748","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86737","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86742","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86707","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86684","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86613","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86594","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03026","scoring_system":"epss","scoring_elements":"0.86583","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-c4qh-4vgv-qc6g","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4qh-4vgv-qc6g"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml"},{"reference_url":"https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml"},{"reference_url":"https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ"},{"reference_url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14232","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14232"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/10/04/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/10/04/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/04/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/04/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/04/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/04/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734405","reference_id":"1734405","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734405"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026","reference_id":"934026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1324","reference_id":"RHSA-2020:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4390","reference_id":"RHSA-2020:4390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4390"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://usn.ubuntu.com/4084-1/","reference_id":"USN-4084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4084-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-14232","GHSA-c4qh-4vgv-qc6g","PYSEC-2019-11"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zb9-27sm-3kgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5620?format=json","vulnerability_id":"VCID-438j-ce4y-zkan","summary":"In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with \"DEBUG = True\" (which makes this page accessible) in your production settings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12794.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12794.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12794","reference_id":"","reference_type":"","scores":[{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95062","published_at":"2026-04-01T12:55:00Z"},{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95075","published_at":"2026-04-07T12:55:00Z"},{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95073","published_at":"2026-04-04T12:55:00Z"},{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95108","published_at":"2026-04-18T12:55:00Z"},{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95105","published_at":"2026-04-16T12:55:00Z"},{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95096","published_at":"2026-04-13T12:55:00Z"},{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95093","published_at":"2026-04-12T12:55:00Z"},{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95092","published_at":"2026-04-11T12:55:00Z"},{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95086","published_at":"2026-04-09T12:55:00Z"},{"value":"0.17619","scoring_system":"epss","scoring_elements":"0.95082","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.95653","published_at":"2026-04-26T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.95652","published_at":"2026-04-29T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.9565","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.95703","published_at":"2026-05-16T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.95702","published_at":"2026-05-15T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.957","published_at":"2026-05-14T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.95688","published_at":"2026-05-12T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.95683","published_at":"2026-05-11T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.95677","published_at":"2026-05-09T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.9567","published_at":"2026-05-07T12:55:00Z"},{"value":"0.20966","scoring_system":"epss","scoring_elements":"0.95667","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794"},{"reference_url":"https://github.com/advisories/GHSA-9r8w-6x8c-6jr9","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9r8w-6x8c-6jr9"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a"},{"reference_url":"https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml"},{"reference_url":"https://usn.ubuntu.com/3559-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3559-1"},{"reference_url":"https://usn.ubuntu.com/3559-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3559-1/"},{"reference_url":"https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264"},{"reference_url":"https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643"},{"reference_url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/100643","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100643"},{"reference_url":"http://www.securitytracker.com/id/1039264","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039264"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1486451","reference_id":"1486451","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1486451"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874415","reference_id":"874415","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874415"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.10.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.11.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.11.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12794","reference_id":"CVE-2017-12794","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12794"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}],"aliases":["CVE-2017-12794","GHSA-9r8w-6x8c-6jr9","PYSEC-2017-44"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-438j-ce4y-zkan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11392?format=json","vulnerability_id":"VCID-4ztz-fq98-5fh1","summary":"In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41164","reference_id":"","reference_type":"","scores":[{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61231","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61097","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61045","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61092","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61103","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.6112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61113","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61071","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.6109","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61104","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61067","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61019","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61053","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61025","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61217","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61202","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61143","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61116","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61154","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61095","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e"},{"reference_url":"https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9"},{"reference_url":"https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231214-0002","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231214-0002"},{"reference_url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/sep/04/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226","reference_id":"1051226","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2237258","reference_id":"2237258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2237258"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41164","reference_id":"CVE-2023-41164","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41164"},{"reference_url":"https://github.com/advisories/GHSA-7h4p-27mh-hmrw","reference_id":"GHSA-7h4p-27mh-hmrw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h4p-27mh-hmrw"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5208","reference_id":"RHSA-2023:5208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://usn.ubuntu.com/6378-1/","reference_id":"USN-6378-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6378-1/"},{"reference_url":"https://usn.ubuntu.com/6414-2/","reference_id":"USN-6414-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6414-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2023-41164","CVE-2023-41164","GHSA-7h4p-27mh-hmrw","PYSEC-2023-225"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztz-fq98-5fh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5887?format=json","vulnerability_id":"VCID-56na-n4w5-8fak","summary":"An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12308.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12308","reference_id":"","reference_type":"","scores":[{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80918","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80897","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81005","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.81002","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80997","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80953","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80934","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.8094","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.808","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80808","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80822","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80806","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.8077","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80773","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80752","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.8088","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80868","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80862","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80839","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01454","scoring_system":"epss","scoring_elements":"0.80837","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/1.11.21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/1.11.21"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/1.11.21/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/1.11.21/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.1.9","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/2.1.9"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.1.9/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.1.9/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.2.2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/2.2.2"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.2.2/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.2.2/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-7rp2-fm2h-wchj","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7rp2-fm2h-wchj"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62"},{"reference_url":"https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673"},{"reference_url":"https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jul/10"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://usn.ubuntu.com/4043-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4043-1"},{"reference_url":"https://usn.ubuntu.com/4043-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4043-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4476","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4476"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/03/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/06/03/2"},{"reference_url":"http://www.securityfocus.com/bid/108559","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108559"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1715915","reference_id":"1715915","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1715915"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929927","reference_id":"929927","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929927"},{"reference_url":"https://security.archlinux.org/ASA-201906-2","reference_id":"ASA-201906-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-2"},{"reference_url":"https://security.archlinux.org/AVG-969","reference_id":"AVG-969","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-969"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12308","reference_id":"CVE-2019-12308","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12308"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}],"aliases":["CVE-2019-12308","GHSA-7rp2-fm2h-wchj","PYSEC-2019-79"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56na-n4w5-8fak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13419?format=json","vulnerability_id":"VCID-7tph-k8q2-bue2","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41991","reference_id":"","reference_type":"","scores":[{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.76031","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.76021","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75878","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75815","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75803","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.7577","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75792","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75759","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.76007","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75957","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75943","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75959","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75936","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75906","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75899","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75887","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75855","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75851","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75813","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.7582","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.75839","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927"},{"reference_url":"https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41991","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41991"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240905-0007","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240905-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/"}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074","reference_id":"1078074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302435","reference_id":"2302435","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302435"},{"reference_url":"https://github.com/advisories/GHSA-r836-hh6v-rg5g","reference_id":"GHSA-r836-hh6v-rg5g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r836-hh6v-rg5g"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7987","reference_id":"RHSA-2024:7987","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/6946-1/","reference_id":"USN-6946-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6946-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-41991","CVE-2024-41991","GHSA-r836-hh6v-rg5g","PYSEC-2024-69"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tph-k8q2-bue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15097?format=json","vulnerability_id":"VCID-896g-hqec-ryb9","summary":"An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48432","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61584","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6157","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61555","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61502","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61407","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6146","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61439","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61423","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61474","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61512","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61404","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61452","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61457","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61442","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61455","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61471","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61467","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61428","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48432","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48432"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jun/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/jun/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jun/04/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/"}],"url":"https://www.djangoproject.com/weblog/2025/jun/04/security-releases/"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/04/5","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/04/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/10/2","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/10/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/10/3","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/10/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/10/4","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/10/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282","reference_id":"1107282","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370365","reference_id":"2370365","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370365"},{"reference_url":"https://security.archlinux.org/ASA-202506-6","reference_id":"ASA-202506-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202506-6"},{"reference_url":"https://security.archlinux.org/AVG-2894","reference_id":"AVG-2894","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2894"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/","reference_id":"bugfix-releases","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/"}],"url":"https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/"},{"reference_url":"https://github.com/advisories/GHSA-7xr5-9hcq-chf9","reference_id":"GHSA-7xr5-9hcq-chf9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7xr5-9hcq-chf9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14686","reference_id":"RHSA-2025:14686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16487","reference_id":"RHSA-2025:16487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16487"},{"reference_url":"https://usn.ubuntu.com/7555-1/","reference_id":"USN-7555-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7555-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2025-48432","CVE-2025-48432","GHSA-7xr5-9hcq-chf9","PYSEC-2025-47"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5988?format=json","vulnerability_id":"VCID-8jaq-53td-wbeg","summary":"Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)","references":[{"reference_url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19844","reference_id":"","reference_type":"","scores":[{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94403","published_at":"2026-05-16T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94407","published_at":"2026-05-15T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94404","published_at":"2026-05-14T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9432","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9431","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94309","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94298","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9439","published_at":"2026-05-12T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94384","published_at":"2026-05-11T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94377","published_at":"2026-05-09T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94365","published_at":"2026-05-07T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94356","published_at":"2026-05-05T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94353","published_at":"2026-04-26T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94354","published_at":"2026-04-24T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9435","published_at":"2026-04-21T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94351","published_at":"2026-04-29T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94329","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94328","published_at":"2026-04-11T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94324","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26"},{"reference_url":"https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e"},{"reference_url":"https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70"},{"reference_url":"https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19844","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19844"},{"reference_url":"https://seclists.org/bugtraq/2020/Jan/9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2020/Jan/9"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200110-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200110-0003/"},{"reference_url":"https://usn.ubuntu.com/4224-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4224-1"},{"reference_url":"https://usn.ubuntu.com/4224-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4224-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4598","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4598"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788425","reference_id":"1788425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788425"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937","reference_id":"946937","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937"},{"reference_url":"https://security.archlinux.org/AVG-1080","reference_id":"AVG-1080","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1080"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md","reference_id":"CVE-2019-19844","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md"},{"reference_url":"https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/","reference_id":"CVE-2019-19844","reference_type":"exploit","scores":[],"url":"https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/"},{"reference_url":"https://usn.ubuntu.com/6722-1/","reference_id":"USN-6722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6722-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-19844","GHSA-vfq6-hq5r-27r6","PYSEC-2019-16"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jaq-53td-wbeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11405?format=json","vulnerability_id":"VCID-8m4b-y4va-kqgm","summary":"In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43665","reference_id":"","reference_type":"","scores":[{"value":"0.02194","scoring_system":"epss","scoring_elements":"0.84423","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02194","scoring_system":"epss","scoring_elements":"0.844","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02194","scoring_system":"epss","scoring_elements":"0.84404","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86185","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.8603","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86189","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.8617","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86148","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86119","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86099","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86046","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86066","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86076","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86129","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86248","published_at":"2026-05-16T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86237","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/4.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/4.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/4.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473"},{"reference_url":"https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8"},{"reference_url":"https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231221-0001","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231221-0001"},{"reference_url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2023/oct/04/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/04/1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/03/04/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475","reference_id":"1053475","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241046","reference_id":"2241046","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241046"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43665","reference_id":"CVE-2023-43665","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43665"},{"reference_url":"https://github.com/advisories/GHSA-h8gc-pgj2-vjm3","reference_id":"GHSA-h8gc-pgj2-vjm3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h8gc-pgj2-vjm3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6158","reference_id":"RHSA-2023:6158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://usn.ubuntu.com/6414-1/","reference_id":"USN-6414-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6414-1/"},{"reference_url":"https://usn.ubuntu.com/6414-2/","reference_id":"USN-6414-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6414-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2023-43665","CVE-2023-43665","GHSA-h8gc-pgj2-vjm3","PYSEC-2023-226"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8m4b-y4va-kqgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12375?format=json","vulnerability_id":"VCID-8xgs-8xjr-cber","summary":"An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24680","reference_id":"","reference_type":"","scores":[{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.8058","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80577","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80573","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80532","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80515","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.8052","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80501","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80478","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80463","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80446","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80439","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80413","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.8041","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80408","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80379","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80335","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80355","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80343","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80372","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80386","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.80402","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/5.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://docs.djangoproject.com/en/5.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc"},{"reference_url":"https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9"},{"reference_url":"https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2"},{"reference_url":"https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24680","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24680"},{"reference_url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://www.djangoproject.com/weblog/2024/feb/06/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261856","reference_id":"2261856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261856"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/","reference_id":"D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/"},{"reference_url":"https://github.com/advisories/GHSA-xxj9-f6rv-m3x4","reference_id":"GHSA-xxj9-f6rv-m3x4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxj9-f6rv-m3x4"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1057","reference_id":"RHSA-2024:1057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2731","reference_id":"RHSA-2024:2731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5662","reference_id":"RHSA-2024:5662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5662"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/","reference_id":"SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/"},{"reference_url":"https://usn.ubuntu.com/6623-1/","reference_id":"USN-6623-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6623-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/","reference_id":"ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-24680","CVE-2024-24680","GHSA-xxj9-f6rv-m3x4","PYSEC-2024-28"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgs-8xjr-cber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15000?format=json","vulnerability_id":"VCID-9abh-apwm-ebab","summary":"An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32873","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3721","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37188","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3717","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37092","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3712","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.372","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37181","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37114","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3723","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3732","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.3734","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37577","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37659","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37613","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37717","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37674","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37647","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37641","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37692","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32873","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32873"},{"reference_url":"https://www.djangoproject.com/weblog/2025/may/07/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/may/07/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/may/07/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/"}],"url":"https://www.djangoproject.com/weblog/2025/may/07/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/05/07/1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/05/07/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872","reference_id":"1104872","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364980","reference_id":"2364980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364980"},{"reference_url":"https://security.archlinux.org/ASA-202505-10","reference_id":"ASA-202505-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202505-10"},{"reference_url":"https://security.archlinux.org/AVG-2876","reference_id":"AVG-2876","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2876"},{"reference_url":"https://github.com/advisories/GHSA-8j24-cjrq-gr2m","reference_id":"GHSA-8j24-cjrq-gr2m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8j24-cjrq-gr2m"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://usn.ubuntu.com/7501-1/","reference_id":"USN-7501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7501-1/"},{"reference_url":"https://usn.ubuntu.com/7501-2/","reference_id":"USN-7501-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7501-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2025-32873","CVE-2025-32873","GHSA-8j24-cjrq-gr2m","PYSEC-2025-37"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9abh-apwm-ebab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22234?format=json","vulnerability_id":"VCID-9uzd-mmyv-mfh4","summary":"Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.\nAn issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64459","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49059","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4904","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48966","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48937","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4899","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48963","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.489","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48981","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49025","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49031","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49016","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49066","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68724","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68747","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68774","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68804","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68818","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.68776","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.70648","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.7064","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85"},{"reference_url":"https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4"},{"reference_url":"https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b"},{"reference_url":"https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241"},{"reference_url":"https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html"},{"reference_url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139","reference_id":"1120139","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2412651","reference_id":"2412651","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2412651"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py","reference_id":"CVE-2025-64459","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64459","reference_id":"CVE-2025-64459","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64459"},{"reference_url":"https://github.com/advisories/GHSA-frmv-pr5f-9mcr","reference_id":"GHSA-frmv-pr5f-9mcr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-frmv-pr5f-9mcr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23069","reference_id":"RHSA-2025:23069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23070","reference_id":"RHSA-2025:23070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23130","reference_id":"RHSA-2025:23130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23131","reference_id":"RHSA-2025:23131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23133","reference_id":"RHSA-2025:23133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23196","reference_id":"RHSA-2025:23196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1596","reference_id":"RHSA-2026:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1596"},{"reference_url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/"}],"url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7859-1/","reference_id":"USN-7859-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7859-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-64459","GHSA-frmv-pr5f-9mcr"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5919?format=json","vulnerability_id":"VCID-a8zx-jamf-cfcm","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14234","reference_id":"","reference_type":"","scores":[{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95417","published_at":"2026-05-16T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.9541","published_at":"2026-05-14T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.9536","published_at":"2026-04-24T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95359","published_at":"2026-04-21T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95357","published_at":"2026-04-18T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95346","published_at":"2026-04-13T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95344","published_at":"2026-04-12T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95339","published_at":"2026-04-09T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95335","published_at":"2026-04-08T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95328","published_at":"2026-04-07T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95413","published_at":"2026-05-15T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95364","published_at":"2026-04-29T12:55:00Z"},{"value":"0.19114","scoring_system":"epss","scoring_elements":"0.95363","published_at":"2026-04-26T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95454","published_at":"2026-05-12T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95444","published_at":"2026-05-09T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95436","published_at":"2026-05-07T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.9543","published_at":"2026-05-05T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95382","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95376","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.95367","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1952","scoring_system":"epss","scoring_elements":"0.9545","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6r97-cj55-9hrq","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r97-cj55-9hrq"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387"},{"reference_url":"https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef"},{"reference_url":"https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14234","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14234"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734417","reference_id":"1734417","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734417"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026","reference_id":"934026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1324","reference_id":"RHSA-2020:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4390","reference_id":"RHSA-2020:4390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4390"},{"reference_url":"https://usn.ubuntu.com/4084-1/","reference_id":"USN-4084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4084-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-14234","GHSA-6r97-cj55-9hrq","PYSEC-2019-13"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8zx-jamf-cfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21634?format=json","vulnerability_id":"VCID-c6xy-v4sf-u3hn","summary":"Django vulnerable to partial directory traversal via archives\nAn issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the \"startapp --template\" and \"startproject --template\" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59682","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05258","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05433","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05391","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05353","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05198","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05196","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05251","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05204","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05279","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05314","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05234","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05294","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0619","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06176","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06174","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06165","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06163","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06147","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06081","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06247","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0623","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e"},{"reference_url":"https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:10:29Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/01/3","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/01/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979","reference_id":"1116979","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400450","reference_id":"2400450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400450"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59682","reference_id":"CVE-2025-59682","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59682"},{"reference_url":"https://github.com/advisories/GHSA-q95w-c7qg-hrff","reference_id":"GHSA-q95w-c7qg-hrff","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q95w-c7qg-hrff"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18979","reference_id":"RHSA-2025:18979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18984","reference_id":"RHSA-2025:18984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19201","reference_id":"RHSA-2025:19201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19221","reference_id":"RHSA-2025:19221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23196","reference_id":"RHSA-2025:23196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:10:29Z/"}],"url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7794-1/","reference_id":"USN-7794-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7794-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-59682","GHSA-q95w-c7qg-hrff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6xy-v4sf-u3hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12049?format=json","vulnerability_id":"VCID-e2jd-yd4j-kqgt","summary":"Django allows enumeration of user e-mail addresses\nAn issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45231","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46356","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46339","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46267","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46235","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46294","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46273","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46207","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46302","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46354","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46342","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.4636","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46331","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46299","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46351","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46415","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46418","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46361","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.4635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46379","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca"},{"reference_url":"https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2"},{"reference_url":"https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45231","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45231"},{"reference_url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314496","reference_id":"2314496","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314496"},{"reference_url":"https://github.com/advisories/GHSA-rrqc-c2jx-6jgv","reference_id":"GHSA-rrqc-c2jx-6jgv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rrqc-c2jx-6jgv"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://usn.ubuntu.com/6987-1/","reference_id":"USN-6987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6987-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2024-45231","GHSA-rrqc-c2jx-6jgv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14706?format=json","vulnerability_id":"VCID-e87q-1j8h-93hh","summary":"An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56374","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24475","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24496","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24443","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24457","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24512","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24537","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24545","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24532","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24586","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24629","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24612","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24686","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24724","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24567","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24481","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24451","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24372","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24353","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24417","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24355","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24276","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24401","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe"},{"reference_url":"https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e"},{"reference_url":"https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf"},{"reference_url":"https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56374","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56374"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/"}],"url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/01/14/2","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/01/14/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049","reference_id":"1093049","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337996","reference_id":"2337996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337996"},{"reference_url":"https://github.com/advisories/GHSA-qcgg-j2x8-h9g8","reference_id":"GHSA-qcgg-j2x8-h9g8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcgg-j2x8-h9g8"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0722","reference_id":"RHSA-2025:0722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0777","reference_id":"RHSA-2025:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0782","reference_id":"RHSA-2025:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2399","reference_id":"RHSA-2025:2399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4576","reference_id":"RHSA-2025:4576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4576"},{"reference_url":"https://usn.ubuntu.com/7205-1/","reference_id":"USN-7205-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7205-1/"},{"reference_url":"https://usn.ubuntu.com/7205-2/","reference_id":"USN-7205-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7205-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-56374","CVE-2024-56374","GHSA-qcgg-j2x8-h9g8","PYSEC-2025-1"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e87q-1j8h-93hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6093?format=json","vulnerability_id":"VCID-j4br-4y39-s3gs","summary":"An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13596.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13596.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13596","reference_id":"","reference_type":"","scores":[{"value":"0.00812","scoring_system":"epss","scoring_elements":"0.74415","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00812","scoring_system":"epss","scoring_elements":"0.7443","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00812","scoring_system":"epss","scoring_elements":"0.74421","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7701","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7698","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7699","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7697","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.77032","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.77016","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.77029","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76923","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76896","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76885","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76854","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76836","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76843","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76945","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7694","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76898","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13596"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-2m34-jcjv-45xf","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2m34-jcjv-45xf"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38"},{"reference_url":"https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-32.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-32.yaml"},{"reference_url":"https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13596","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13596"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200611-0002","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200611-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200611-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200611-0002/"},{"reference_url":"https://usn.ubuntu.com/4381-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4381-1"},{"reference_url":"https://usn.ubuntu.com/4381-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-1/"},{"reference_url":"https://usn.ubuntu.com/4381-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4381-2"},{"reference_url":"https://usn.ubuntu.com/4381-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-2/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4705","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4705"},{"reference_url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843625","reference_id":"1843625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843625"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323","reference_id":"962323","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323"},{"reference_url":"https://security.archlinux.org/ASA-202006-8","reference_id":"ASA-202006-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-8"},{"reference_url":"https://security.archlinux.org/AVG-1176","reference_id":"AVG-1176","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1176"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2020-13596","CVE-2020-13596","GHSA-2m34-jcjv-45xf","PYSEC-2020-32"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4br-4y39-s3gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5698?format=json","vulnerability_id":"VCID-jae8-w85w-cyfu","summary":"An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0265","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0265"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7537.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7537.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7537","reference_id":"","reference_type":"","scores":[{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.84009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83988","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83983","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83975","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83949","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83948","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83947","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83922","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83932","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83915","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83909","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83885","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83868","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.83854","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.84113","published_at":"2026-05-16T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.8411","published_at":"2026-05-15T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.84099","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.84065","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.84048","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02064","scoring_system":"epss","scoring_elements":"0.84031","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-2f9x-5v75-3qv4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2f9x-5v75-3qv4"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c"},{"reference_url":"https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539"},{"reference_url":"https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html"},{"reference_url":"https://usn.ubuntu.com/3591-1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3591-1"},{"reference_url":"https://usn.ubuntu.com/3591-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3591-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4161","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4161"},{"reference_url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/103357","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549779","reference_id":"1549779","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549779"},{"reference_url":"https://security.archlinux.org/ASA-201803-5","reference_id":"ASA-201803-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-5"},{"reference_url":"https://security.archlinux.org/AVG-649","reference_id":"AVG-649","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7537","reference_id":"CVE-2018-7537","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7537"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035925?format=json","purl":"pkg:deb/debian/python-django@1.7.11-1%2Bdeb8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-325d-7dfk-sqd2"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-br5x-v7md-47hp"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ukxp-wqpr-t3by"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x4ev-6zjm-sbe4"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-y8fz-krt7-vkhp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1.7.11-1%252Bdeb8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}],"aliases":["CVE-2018-7537","GHSA-2f9x-5v75-3qv4","PYSEC-2018-6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jae8-w85w-cyfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12636?format=json","vulnerability_id":"VCID-jh1e-72hp-fuf4","summary":"In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27351","reference_id":"","reference_type":"","scores":[{"value":"0.01855","scoring_system":"epss","scoring_elements":"0.82977","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85808","published_at":"2026-05-15T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85799","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85599","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85604","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85763","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85646","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85809","published_at":"2026-05-16T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85642","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.8565","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85635","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85751","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85755","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85738","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85717","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85701","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85687","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.8567","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02611","scoring_system":"epss","scoring_elements":"0.85665","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/5.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/5.0/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://docs.djangoproject.com/en/5.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521"},{"reference_url":"https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e"},{"reference_url":"https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27351","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27351"},{"reference_url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://www.djangoproject.com/weblog/2024/mar/04/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/04/1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/04/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266045","reference_id":"2266045","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266045"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/","reference_id":"D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/"},{"reference_url":"https://github.com/advisories/GHSA-vm8q-m57g-pff3","reference_id":"GHSA-vm8q-m57g-pff3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm8q-m57g-pff3"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1878","reference_id":"RHSA-2024:1878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3781","reference_id":"RHSA-2024:3781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5662","reference_id":"RHSA-2024:5662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4187","reference_id":"RHSA-2025:4187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4187"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/","reference_id":"SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/"},{"reference_url":"https://usn.ubuntu.com/6674-1/","reference_id":"USN-6674-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6674-1/"},{"reference_url":"https://usn.ubuntu.com/6674-2/","reference_id":"USN-6674-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6674-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/","reference_id":"ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-27351","CVE-2024-27351","GHSA-vm8q-m57g-pff3","PYSEC-2024-47"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jh1e-72hp-fuf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5916?format=json","vulnerability_id":"VCID-jtru-9jmz-kkek","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14233.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14233.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14233","reference_id":"","reference_type":"","scores":[{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89145","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.8925","published_at":"2026-05-16T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.8924","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89221","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89211","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89187","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89179","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89175","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89169","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89156","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89143","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89148","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89138","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89132","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89112","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89098","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89089","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89215","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04511","scoring_system":"epss","scoring_elements":"0.89204","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h5jv-4p7w-64jg","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h5jv-4p7w-64jg"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14233","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14233"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734410","reference_id":"1734410","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1734410"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026","reference_id":"934026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1324","reference_id":"RHSA-2020:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4390","reference_id":"RHSA-2020:4390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4390"},{"reference_url":"https://usn.ubuntu.com/4084-1/","reference_id":"USN-4084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4084-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["CVE-2019-14233","GHSA-h5jv-4p7w-64jg","PYSEC-2019-12"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtru-9jmz-kkek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13433?format=json","vulnerability_id":"VCID-m91a-6235-nye9","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42005","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55877","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55859","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55799","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55772","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55761","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55713","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55768","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55848","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55873","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55863","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5586","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55809","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55829","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55807","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55793","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55775","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55874","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5587","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55834","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55852","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d"},{"reference_url":"https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42005","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240905-0007","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240905-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/"}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074","reference_id":"1078074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302436","reference_id":"2302436","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302436"},{"reference_url":"https://github.com/advisories/GHSA-pv4p-cwwg-4rph","reference_id":"GHSA-pv4p-cwwg-4rph","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pv4p-cwwg-4rph"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/6946-1/","reference_id":"USN-6946-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6946-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-42005","CVE-2024-42005","GHSA-pv4p-cwwg-4rph","PYSEC-2024-70"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m91a-6235-nye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21625?format=json","vulnerability_id":"VCID-mux4-uv98-hbbw","summary":"Django vulnerable to SQL injection in column aliases\nAn issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59681","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02004","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02008","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02022","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01937","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01935","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01955","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01959","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01991","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01974","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01975","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02702","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02617","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02654","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02653","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0268","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0269","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02923","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02947","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a"},{"reference_url":"https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/01/3","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/01/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979","reference_id":"1116979","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400449","reference_id":"2400449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400449"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59681","reference_id":"CVE-2025-59681","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59681"},{"reference_url":"https://github.com/advisories/GHSA-hpr9-3m2g-3j9p","reference_id":"GHSA-hpr9-3m2g-3j9p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hpr9-3m2g-3j9p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18984","reference_id":"RHSA-2025:18984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23196","reference_id":"RHSA-2025:23196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23196"},{"reference_url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/"}],"url":"https://www.djangoproject.com/weblog/2025/oct/01/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7794-1/","reference_id":"USN-7794-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7794-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-59681","GHSA-hpr9-3m2g-3j9p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mux4-uv98-hbbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5699?format=json","vulnerability_id":"VCID-mv1p-yxvp-pbh6","summary":"An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0051","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0082","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0265","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0265"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7536.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7536.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7536","reference_id":"","reference_type":"","scores":[{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80252","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.8042","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80416","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80413","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80372","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80355","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.8036","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80343","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80321","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80306","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.8029","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80283","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80257","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80226","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80216","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80188","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80199","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80179","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80172","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80254","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80224","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.8023","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01372","scoring_system":"epss","scoring_elements":"0.80244","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537"},{"reference_url":"https://github.com/advisories/GHSA-r28v-mw67-m5p9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r28v-mw67-m5p9"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2"},{"reference_url":"https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16"},{"reference_url":"https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html"},{"reference_url":"https://usn.ubuntu.com/3591-1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3591-1"},{"reference_url":"https://usn.ubuntu.com/3591-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3591-1/"},{"reference_url":"https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361"},{"reference_url":"https://www.debian.org/security/2018/dsa-4161","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4161"},{"reference_url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2018/mar/06/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/103361","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103361"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549777","reference_id":"1549777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1549777"},{"reference_url":"https://security.archlinux.org/ASA-201803-5","reference_id":"ASA-201803-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-5"},{"reference_url":"https://security.archlinux.org/AVG-649","reference_id":"AVG-649","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7536","reference_id":"CVE-2018-7536","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7536"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035925?format=json","purl":"pkg:deb/debian/python-django@1.7.11-1%2Bdeb8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-325d-7dfk-sqd2"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-br5x-v7md-47hp"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ukxp-wqpr-t3by"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x4ev-6zjm-sbe4"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-y8fz-krt7-vkhp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1.7.11-1%252Bdeb8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}],"aliases":["CVE-2018-7536","GHSA-r28v-mw67-m5p9","PYSEC-2018-5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mv1p-yxvp-pbh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13212?format=json","vulnerability_id":"VCID-q12d-kv8p-8ff7","summary":"An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39329","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37652","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37533","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37596","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37615","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37571","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37599","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37632","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37619","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37607","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37555","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37676","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37386","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37276","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37365","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37255","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37234","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37214","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37137","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37165","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37245","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37226","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37158","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b"},{"reference_url":"https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39329","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39329"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240808-0005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240808-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/"}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069","reference_id":"1076069","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295936","reference_id":"2295936","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295936"},{"reference_url":"https://github.com/advisories/GHSA-x7q2-wr7g-xqmf","reference_id":"GHSA-x7q2-wr7g-xqmf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7q2-wr7g-xqmf"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9481","reference_id":"RHSA-2024:9481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9481"},{"reference_url":"https://usn.ubuntu.com/6888-1/","reference_id":"USN-6888-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-1/"},{"reference_url":"https://usn.ubuntu.com/6888-2/","reference_id":"USN-6888-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-39329","CVE-2024-39329","GHSA-x7q2-wr7g-xqmf","PYSEC-2024-57"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q12d-kv8p-8ff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5897?format=json","vulnerability_id":"VCID-qjez-qe32-e3b6","summary":"An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12781.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12781.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12781","reference_id":"","reference_type":"","scores":[{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88226","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88404","published_at":"2026-05-16T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88405","published_at":"2026-05-15T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88396","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88319","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88316","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88311","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88293","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88296","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88282","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88291","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88279","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88273","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88254","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88249","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88234","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88368","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88356","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88358","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.88346","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03901","scoring_system":"epss","scoring_elements":"0.8833","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6c7v-2f49-8h26","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6c7v-2f49-8h26"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/10","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jul/10"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190705-0002","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190705-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190705-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190705-0002/"},{"reference_url":"https://usn.ubuntu.com/4043-1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4043-1"},{"reference_url":"https://usn.ubuntu.com/4043-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4043-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4476","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4476"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jul/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/jul/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jul/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jul/01/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/01/3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/07/01/3"},{"reference_url":"http://www.securityfocus.com/bid/109018","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/109018"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1724497","reference_id":"1724497","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1724497"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316","reference_id":"931316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316"},{"reference_url":"https://security.archlinux.org/ASA-201907-2","reference_id":"ASA-201907-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-2"},{"reference_url":"https://security.archlinux.org/AVG-1000","reference_id":"AVG-1000","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1000"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12781","reference_id":"CVE-2019-12781","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1324","reference_id":"RHSA-2020:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4390","reference_id":"RHSA-2020:4390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4390"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}],"aliases":["CVE-2019-12781","GHSA-6c7v-2f49-8h26","PYSEC-2019-10"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjez-qe32-e3b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13196?format=json","vulnerability_id":"VCID-u3zk-tff2-aua9","summary":"An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39614","reference_id":"","reference_type":"","scores":[{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91334","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91349","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91339","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91444","published_at":"2026-05-16T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91437","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91428","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91418","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.9142","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91411","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91314","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91395","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91381","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91382","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91321","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91371","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06838","scoring_system":"epss","scoring_elements":"0.91373","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3"},{"reference_url":"https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39614","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39614"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240808-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240808-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/"}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069","reference_id":"1076069","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295938","reference_id":"2295938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295938"},{"reference_url":"https://github.com/advisories/GHSA-f6f8-9mx6-9mx2","reference_id":"GHSA-f6f8-9mx6-9mx2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f6f8-9mx6-9mx2"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9481","reference_id":"RHSA-2024:9481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/6888-1/","reference_id":"USN-6888-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-1/"},{"reference_url":"https://usn.ubuntu.com/6888-2/","reference_id":"USN-6888-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-39614","CVE-2024-39614","GHSA-f6f8-9mx6-9mx2","PYSEC-2024-59"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u3zk-tff2-aua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23671?format=json","vulnerability_id":"VCID-ukkt-wgau-t3et","summary":"Django is vulnerable to DoS via XML serializer text extraction\nAn issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.\nAlgorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64460","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17447","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17602","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17638","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17539","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19807","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20708","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20622","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20713","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20704","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22425","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2214","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22147","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22158","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22308","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2236","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22365","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22349","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22405","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22447","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2237","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.225","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b"},{"reference_url":"https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5"},{"reference_url":"https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0"},{"reference_url":"https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788","reference_id":"1121788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418366","reference_id":"2418366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418366"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64460","reference_id":"CVE-2025-64460","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64460"},{"reference_url":"https://github.com/advisories/GHSA-vrcr-9hj9-jcg6","reference_id":"GHSA-vrcr-9hj9-jcg6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrcr-9hj9-jcg6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1249","reference_id":"RHSA-2026:1249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1497","reference_id":"RHSA-2026:1497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1506","reference_id":"RHSA-2026:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1599","reference_id":"RHSA-2026:1599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1609","reference_id":"RHSA-2026:1609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1609"},{"reference_url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/"}],"url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7903-1/","reference_id":"USN-7903-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7903-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-64460","GHSA-vrcr-9hj9-jcg6"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkt-wgau-t3et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13427?format=json","vulnerability_id":"VCID-v1xr-z4zu-yfb4","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41989","reference_id":"","reference_type":"","scores":[{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80529","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80526","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80327","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80316","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80521","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.8048","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80463","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80468","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80449","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80427","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80411","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80394","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80387","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80356","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01386","scoring_system":"epss","scoring_elements":"0.80331","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8"},{"reference_url":"https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41989","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41989"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240905-0007","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240905-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/"}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074","reference_id":"1078074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302433","reference_id":"2302433","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302433"},{"reference_url":"https://github.com/advisories/GHSA-jh75-99hh-qvx9","reference_id":"GHSA-jh75-99hh-qvx9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh75-99hh-qvx9"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8534","reference_id":"RHSA-2024:8534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"},{"reference_url":"https://usn.ubuntu.com/6946-1/","reference_id":"USN-6946-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6946-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-41989","CVE-2024-41989","GHSA-jh75-99hh-qvx9","PYSEC-2024-67"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1xr-z4zu-yfb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23649?format=json","vulnerability_id":"VCID-vwt9-q3dt-vbfg","summary":"Django is vulnerable to SQL injection in column aliases\nAn issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.\n`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Stackered for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13372.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13372","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01194","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01184","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01181","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01182","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01203","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01201","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0126","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01266","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01259","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01254","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01185","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01173","published_at":"2026-04-16T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00221","published_at":"2026-05-11T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00224","published_at":"2026-05-09T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00225","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00299","published_at":"2026-05-14T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00295","published_at":"2026-05-12T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00297","published_at":"2026-05-16T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00835","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf"},{"reference_url":"https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0"},{"reference_url":"https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e"},{"reference_url":"https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355"},{"reference_url":"https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:43:29Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788","reference_id":"1121788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418372","reference_id":"2418372","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418372"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13372","reference_id":"CVE-2025-13372","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13372"},{"reference_url":"https://github.com/advisories/GHSA-rqw2-ghq9-44m7","reference_id":"GHSA-rqw2-ghq9-44m7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rqw2-ghq9-44m7"},{"reference_url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:43:29Z/"}],"url":"https://www.djangoproject.com/weblog/2025/dec/02/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7903-1/","reference_id":"USN-7903-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7903-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}],"aliases":["CVE-2025-13372","GHSA-rqw2-ghq9-44m7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwt9-q3dt-vbfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6028?format=json","vulnerability_id":"VCID-w2dv-u8h6-sbgs","summary":"Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7471","reference_id":"","reference_type":"","scores":[{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92778","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92796","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92786","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.9279","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92785","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.929","published_at":"2026-05-15T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92894","published_at":"2026-05-16T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92868","published_at":"2026-05-12T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92862","published_at":"2026-05-11T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92858","published_at":"2026-05-09T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92846","published_at":"2026-05-07T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92832","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92823","published_at":"2026-04-29T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92827","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92819","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92815","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92814","published_at":"2026-04-16T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92804","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92805","published_at":"2026-04-11T12:55:00Z"},{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.928","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-hmr4-m2h5-33qx","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmr4-m2h5-33qx"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd"},{"reference_url":"https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b"},{"reference_url":"https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147"},{"reference_url":"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7471","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7471"},{"reference_url":"https://seclists.org/bugtraq/2020/Feb/30","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2020/Feb/30"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200221-0006","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200221-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200221-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200221-0006/"},{"reference_url":"https://usn.ubuntu.com/4264-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4264-1"},{"reference_url":"https://usn.ubuntu.com/4264-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4264-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4629","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4629"},{"reference_url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/02/03/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/02/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/02/03/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/02/03/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798515","reference_id":"1798515","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798515"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581","reference_id":"950581","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581"},{"reference_url":"https://security.archlinux.org/ASA-202002-1","reference_id":"ASA-202002-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202002-1"},{"reference_url":"https://security.archlinux.org/AVG-1091","reference_id":"AVG-1091","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1091"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2020-7471","CVE-2020-7471","GHSA-hmr4-m2h5-33qx","PYSEC-2020-35"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2dv-u8h6-sbgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25634?format=json","vulnerability_id":"VCID-w4pr-k5nj-ckgy","summary":"Django is subject to SQL injection through its column aliases\nAn issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57833","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05603","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05593","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05586","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05535","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05549","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05867","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0579","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05784","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05777","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05706","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0574","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05834","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05868","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05828","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05798","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06527","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06549","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0656","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06504","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06514","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06544","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5"},{"reference_url":"https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92"},{"reference_url":"https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html"},{"reference_url":"https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/"}],"url":"https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57833","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57833"},{"reference_url":"https://www.djangoproject.com/weblog/2025/sep/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/sep/03/security-releases"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/09/03/3","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/09/03/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865","reference_id":"1113865","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392990","reference_id":"2392990","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392990"},{"reference_url":"https://github.com/advisories/GHSA-6w2r-r2m5-xq5w","reference_id":"GHSA-6w2r-r2m5-xq5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6w2r-r2m5-xq5w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16403","reference_id":"RHSA-2025:16403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16404","reference_id":"RHSA-2025:16404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16487","reference_id":"RHSA-2025:16487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16514","reference_id":"RHSA-2025:16514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17498","reference_id":"RHSA-2025:17498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17499","reference_id":"RHSA-2025:17499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17500","reference_id":"RHSA-2025:17500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17606","reference_id":"RHSA-2025:17606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17613","reference_id":"RHSA-2025:17613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17614","reference_id":"RHSA-2025:17614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17614"},{"reference_url":"https://www.djangoproject.com/weblog/2025/sep/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/"}],"url":"https://www.djangoproject.com/weblog/2025/sep/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/7736-1/","reference_id":"USN-7736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7736-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2025-57833","GHSA-6w2r-r2m5-xq5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6094?format=json","vulnerability_id":"VCID-wkrc-62bd-bbgx","summary":"An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13254.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13254","reference_id":"","reference_type":"","scores":[{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92542","published_at":"2026-05-16T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92548","published_at":"2026-05-15T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92541","published_at":"2026-05-14T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92516","published_at":"2026-05-12T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.9251","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92506","published_at":"2026-05-09T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92495","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92485","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92479","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92478","published_at":"2026-04-24T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92438","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92463","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.9245","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92421","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92436","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92475","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.08673","scoring_system":"epss","scoring_elements":"0.92462","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-wpjr-j57x-wxfw","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpjr-j57x-wxfw"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206"},{"reference_url":"https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-31.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-31.yaml"},{"reference_url":"https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13254","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13254"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200611-0002","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200611-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200611-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200611-0002/"},{"reference_url":"https://usn.ubuntu.com/4381-1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4381-1"},{"reference_url":"https://usn.ubuntu.com/4381-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-1/"},{"reference_url":"https://usn.ubuntu.com/4381-2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4381-2"},{"reference_url":"https://usn.ubuntu.com/4381-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4381-2/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4705","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4705"},{"reference_url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/jun/03/security-releases/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843614","reference_id":"1843614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843614"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323","reference_id":"962323","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323"},{"reference_url":"https://security.archlinux.org/ASA-202006-8","reference_id":"ASA-202006-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-8"},{"reference_url":"https://security.archlinux.org/AVG-1176","reference_id":"AVG-1176","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0915","reference_id":"RHSA-2021:0915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0933","reference_id":"RHSA-2021:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0933"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049560?format=json","purl":"pkg:deb/debian/python-django@2:2.2.28-1~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2"}],"aliases":["BIT-django-2020-13254","CVE-2020-13254","GHSA-wpjr-j57x-wxfw","PYSEC-2020-31"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkrc-62bd-bbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14665?format=json","vulnerability_id":"VCID-wwa5-mhgu-9khz","summary":"Django denial-of-service in django.utils.html.strip_tags()\nAn issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53907","reference_id":"","reference_type":"","scores":[{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77628","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77622","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77608","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.7756","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77483","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77371","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.7739","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77541","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77553","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.7753","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77503","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77496","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77364","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77442","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.7745","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77452","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77412","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77416","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77436","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.7741","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.774","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53907","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53907"},{"reference_url":"https://www.djangoproject.com/weblog/2024/dec/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/dec/04/security-releases"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/12/04/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/12/04/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329288","reference_id":"2329288","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329288"},{"reference_url":"https://github.com/advisories/GHSA-8498-2h75-472j","reference_id":"GHSA-8498-2h75-472j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8498-2h75-472j"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11144","reference_id":"RHSA-2024:11144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11146","reference_id":"RHSA-2024:11146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0340","reference_id":"RHSA-2025:0340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0777","reference_id":"RHSA-2025:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0777"},{"reference_url":"https://usn.ubuntu.com/7136-1/","reference_id":"USN-7136-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7136-1/"},{"reference_url":"https://usn.ubuntu.com/7136-2/","reference_id":"USN-7136-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7136-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["CVE-2024-53907","GHSA-8498-2h75-472j"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwa5-mhgu-9khz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5827?format=json","vulnerability_id":"VCID-x664-bfna-6qdv","summary":"In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3498.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3498","reference_id":"","reference_type":"","scores":[{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.8091","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80907","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80903","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80861","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80772","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80715","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80706","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80682","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.8066","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80652","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80843","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80849","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80828","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80806","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.8079","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80776","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.8075","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80747","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80746","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.8071","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80718","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01439","scoring_system":"epss","scoring_elements":"0.80732","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3498"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-337x-4q8g-prc5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-337x-4q8g-prc5"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml"},{"reference_url":"https://groups.google.com/forum/#%21topic/django-announce/VYU7xQQTEPQ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21topic/django-announce/VYU7xQQTEPQ"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/"},{"reference_url":"https://usn.ubuntu.com/3851-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3851-1"},{"reference_url":"https://usn.ubuntu.com/3851-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3851-1/"},{"reference_url":"https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453"},{"reference_url":"https://www.debian.org/security/2019/dsa-4363","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4363"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/106453","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106453"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663722","reference_id":"1663722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663722"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918230","reference_id":"918230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918230"},{"reference_url":"https://security.archlinux.org/ASA-201901-6","reference_id":"ASA-201901-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-6"},{"reference_url":"https://security.archlinux.org/AVG-839","reference_id":"AVG-839","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-839"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3498","reference_id":"CVE-2019-3498","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}],"aliases":["CVE-2019-3498","GHSA-337x-4q8g-prc5","PYSEC-2019-17"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x664-bfna-6qdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5844?format=json","vulnerability_id":"VCID-xaqg-mhqa-7keg","summary":"Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6975.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6975","reference_id":"","reference_type":"","scores":[{"value":"0.13466","scoring_system":"epss","scoring_elements":"0.94283","published_at":"2026-05-16T12:55:00Z"},{"value":"0.13466","scoring_system":"epss","scoring_elements":"0.94284","published_at":"2026-05-14T12:55:00Z"},{"value":"0.13466","scoring_system":"epss","scoring_elements":"0.94287","published_at":"2026-05-15T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95222","published_at":"2026-04-09T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95211","published_at":"2026-04-07T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95207","published_at":"2026-04-04T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95287","published_at":"2026-05-12T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95194","published_at":"2026-04-01T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95281","published_at":"2026-05-11T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95274","published_at":"2026-05-09T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95267","published_at":"2026-05-07T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95261","published_at":"2026-05-05T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95248","published_at":"2026-04-29T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95247","published_at":"2026-04-26T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95245","published_at":"2026-04-24T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95242","published_at":"2026-04-18T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95239","published_at":"2026-04-16T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95231","published_at":"2026-04-13T12:55:00Z"},{"value":"0.18399","scoring_system":"epss","scoring_elements":"0.95228","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-wh4h-v3f2-r2pp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh4h-v3f2-r2pp"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227"},{"reference_url":"https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676"},{"reference_url":"https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml"},{"reference_url":"https://groups.google.com/forum/#%21topic/django-announce/WTwEAprR0IQ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21topic/django-announce/WTwEAprR0IQ"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jul/10"},{"reference_url":"https://usn.ubuntu.com/3890-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3890-1"},{"reference_url":"https://usn.ubuntu.com/3890-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3890-1/"},{"reference_url":"https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964"},{"reference_url":"https://www.debian.org/security/2019/dsa-4476","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4476"},{"reference_url":"https://www.djangoproject.com/weblog/2019/feb/11/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/feb/11/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/feb/11/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/feb/11/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2019/02/11/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2019/02/11/1"},{"reference_url":"http://www.securityfocus.com/bid/106964","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106964"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1673642","reference_id":"1673642","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1673642"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922027","reference_id":"922027","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922027"},{"reference_url":"https://security.archlinux.org/ASA-201902-14","reference_id":"ASA-201902-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-14"},{"reference_url":"https://security.archlinux.org/AVG-881","reference_id":"AVG-881","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-881"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6975","reference_id":"CVE-2019-6975","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6975"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}],"aliases":["CVE-2019-6975","GHSA-wh4h-v3f2-r2pp","PYSEC-2019-18"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xaqg-mhqa-7keg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14834?format=json","vulnerability_id":"VCID-xgv1-s2ek-q3dp","summary":"An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26699","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52216","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52212","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52205","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52125","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.521","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.5214","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52098","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52047","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52102","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52138","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52132","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52203","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52199","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81624","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81646","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81643","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.8167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81675","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81695","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81682","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81676","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-26699","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-26699"},{"reference_url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/"}],"url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/03/06/12","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/03/06/12"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682","reference_id":"1099682","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348993","reference_id":"2348993","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348993"},{"reference_url":"https://github.com/advisories/GHSA-p3fp-8748-vqfq","reference_id":"GHSA-p3fp-8748-vqfq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p3fp-8748-vqfq"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3160","reference_id":"RHSA-2025:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3162","reference_id":"RHSA-2025:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3709","reference_id":"RHSA-2025:3709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4553","reference_id":"RHSA-2025:4553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8609","reference_id":"RHSA-2025:8609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8609"},{"reference_url":"https://usn.ubuntu.com/7335-1/","reference_id":"USN-7335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7335-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2025-26699","CVE-2025-26699","GHSA-p3fp-8748-vqfq","PYSEC-2025-13"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv1-s2ek-q3dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13205?format=json","vulnerability_id":"VCID-z27q-zfpz-ckby","summary":"An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39330","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40145","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4012","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40108","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40041","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40017","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40113","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40096","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40028","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40168","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40248","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40261","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4037","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40448","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40486","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40465","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40402","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4048","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40454","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40445","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40476","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40429","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/"}],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e"},{"reference_url":"https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/"}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39330","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39330"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240808-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240808-0005"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/"}],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069","reference_id":"1076069","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295937","reference_id":"2295937","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295937"},{"reference_url":"https://github.com/advisories/GHSA-9jmf-237g-qf46","reference_id":"GHSA-9jmf-237g-qf46","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9jmf-237g-qf46"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9481","reference_id":"RHSA-2024:9481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9481"},{"reference_url":"https://usn.ubuntu.com/6888-1/","reference_id":"USN-6888-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-1/"},{"reference_url":"https://usn.ubuntu.com/6888-2/","reference_id":"USN-6888-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6888-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036926?format=json","purl":"pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fs3-2msx-9kev"},{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-27wt-wmzc-1bc2"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-56na-n4w5-8fak"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qjez-qe32-e3b6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-vwt9-q3dt-vbfg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-x664-bfna-6qdv"},{"vulnerability":"VCID-xaqg-mhqa-7keg"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037783?format=json","purl":"pkg:deb/debian/python-django@1:1.11.29-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1v22-g646-wbay"},{"vulnerability":"VCID-28g3-ubx6-ebff"},{"vulnerability":"VCID-2tfv-rtq7-2fg9"},{"vulnerability":"VCID-2zb9-27sm-3kgh"},{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-7tph-k8q2-bue2"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8qu1-45n9-gyb1"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9abh-apwm-ebab"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a8zx-jamf-cfcm"},{"vulnerability":"VCID-c2kc-1jh1-j3ha"},{"vulnerability":"VCID-c6xy-v4sf-u3hn"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-e87q-1j8h-93hh"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-jtru-9jmz-kkek"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-m91a-6235-nye9"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-msge-1mfu-7qfa"},{"vulnerability":"VCID-mux4-uv98-hbbw"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-q12d-kv8p-8ff7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u3zk-tff2-aua9"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ukkt-wgau-t3et"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v1xr-z4zu-yfb4"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-wwa5-mhgu-9khz"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-xgv1-s2ek-q3dp"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-ysyp-h7ja-yff3"},{"vulnerability":"VCID-z27q-zfpz-ckby"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1049561?format=json","purl":"pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1adz-zw3h-pqek"},{"vulnerability":"VCID-46pv-pzsu-jucd"},{"vulnerability":"VCID-ac4c-321h-tqfk"},{"vulnerability":"VCID-buuq-c9ps-jfdu"},{"vulnerability":"VCID-ff2a-at5f-2qa8"},{"vulnerability":"VCID-gfym-spzk-w7gk"},{"vulnerability":"VCID-jzae-1awh-k7cm"},{"vulnerability":"VCID-mga4-an1w-qqf9"},{"vulnerability":"VCID-rwyy-f7jh-pubf"},{"vulnerability":"VCID-ssut-reka-r3f8"},{"vulnerability":"VCID-xhpa-mffz-syfy"},{"vulnerability":"VCID-z47n-5z72-u3bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1"}],"aliases":["BIT-django-2024-39330","CVE-2024-39330","GHSA-9jmf-237g-qf46","PYSEC-2024-58"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z27q-zfpz-ckby"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1"}