{"url":"http://public2.vulnerablecode.io/api/packages/11476?format=json","purl":"pkg:pypi/django@1.11.17","type":"pypi","namespace":"","name":"django","version":"1.11.17","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.11.19","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6026?format=json","vulnerability_id":"VCID-2bh9-k4at-r7hz","summary":"sql injection","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7471","reference_id":"","reference_type":"","scores":[{"value":"0.09442","scoring_system":"epss","scoring_elements":"0.92943","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7471"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-hmr4-m2h5-33qx","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmr4-m2h5-33qx"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd"},{"reference_url":"https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b"},{"reference_url":"https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147"},{"reference_url":"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://seclists.org/bugtraq/2020/Feb/30","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2020/Feb/30"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200221-0006","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200221-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200221-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200221-0006/"},{"reference_url":"https://usn.ubuntu.com/4264-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4264-1"},{"reference_url":"https://usn.ubuntu.com/4264-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4264-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4629","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4629"},{"reference_url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/feb/03/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/02/03/1","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2020/02/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/02/03/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/02/03/1"},{"reference_url":"https://security.archlinux.org/ASA-202002-1","reference_id":"ASA-202002-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202002-1"},{"reference_url":"https://security.archlinux.org/AVG-1091","reference_id":"AVG-1091","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1091"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7471","reference_id":"CVE-2020-7471","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7471"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13755?format=json","purl":"pkg:pypi/django@1.11.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.28"},{"url":"http://public2.vulnerablecode.io/api/packages/13756?format=json","purl":"pkg:pypi/django@2.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10"},{"url":"http://public2.vulnerablecode.io/api/packages/13757?format=json","purl":"pkg:pypi/django@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3"}],"aliases":["BIT-django-2020-7471","CVE-2020-7471","GHSA-hmr4-m2h5-33qx","PYSEC-2020-35"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bh9-k4at-r7hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345505?format=json","vulnerability_id":"VCID-6s18-ssym-1bd6","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12700?format=json","purl":"pkg:pypi/django@1.11.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23"},{"url":"http://public2.vulnerablecode.io/api/packages/12701?format=json","purl":"pkg:pypi/django@2.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12702?format=json","purl":"pkg:pypi/django@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4"}],"aliases":["PYSEC-2019-84"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6s18-ssym-1bd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6016?format=json","vulnerability_id":"VCID-7b47-vsfh-y3gh","summary":"sql injection","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9402","reference_id":"","reference_type":"","scores":[{"value":"0.84997","scoring_system":"epss","scoring_elements":"0.99364","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9402"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.0/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.0/releases/security/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://docs.djangoproject.com/en/3.0/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-3gh2-xw74-jmcw","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gh2-xw74-jmcw"},{"reference_url":"https://github.com/django/django/commit/6695d29b1c1ce979725816295a26ecc64ae0e927","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/6695d29b1c1ce979725816295a26ecc64ae0e927"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-345.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-345.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-36.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-36.yaml"},{"reference_url":"https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200327-0004","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200327-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200327-0004/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://security.netapp.com/advisory/ntap-20200327-0004/"},{"reference_url":"https://usn.ubuntu.com/4296-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4296-1"},{"reference_url":"https://usn.ubuntu.com/4296-1/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://usn.ubuntu.com/4296-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4705","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://www.debian.org/security/2020/dsa-4705"},{"reference_url":"https://www.djangoproject.com/weblog/2020/mar/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2020/mar/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2020/mar/04/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://www.djangoproject.com/weblog/2020/mar/04/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202003-5","reference_id":"ASA-202003-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202003-5"},{"reference_url":"https://security.archlinux.org/AVG-1111","reference_id":"AVG-1111","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1111"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9402","reference_id":"CVE-2020-9402","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9402"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13763?format=json","purl":"pkg:pypi/django@1.11.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.29"},{"url":"http://public2.vulnerablecode.io/api/packages/13764?format=json","purl":"pkg:pypi/django@2.2.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.11"},{"url":"http://public2.vulnerablecode.io/api/packages/13765?format=json","purl":"pkg:pypi/django@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.4"}],"aliases":["BIT-django-2020-9402","CVE-2020-9402","GHSA-3gh2-xw74-jmcw","PYSEC-2020-345","PYSEC-2020-36"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7b47-vsfh-y3gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345533?format=json","vulnerability_id":"VCID-arff-yjfe-auhp","summary":"Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)","references":[{"reference_url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/"},{"reference_url":"https://seclists.org/bugtraq/2020/Jan/9","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2020/Jan/9"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200110-0003/"},{"reference_url":"https://usn.ubuntu.com/4224-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4224-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4598","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4598"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13511?format=json","purl":"pkg:pypi/django@1.11.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27"},{"url":"http://public2.vulnerablecode.io/api/packages/13512?format=json","purl":"pkg:pypi/django@2.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9"}],"aliases":["PYSEC-2019-86"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-arff-yjfe-auhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6075?format=json","vulnerability_id":"VCID-bxu2-wqcg-1ueh","summary":"cross-site scripting","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12308","reference_id":"","reference_type":"","scores":[{"value":"0.01603","scoring_system":"epss","scoring_elements":"0.8203","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12308"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/1.11.21","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/1.11.21"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/1.11.21/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/1.11.21/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.1.9","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.1.9"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.1.9/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.1.9/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.2.2","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.2.2"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.2.2/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.2.2/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-7rp2-fm2h-wchj","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7rp2-fm2h-wchj"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62"},{"reference_url":"https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673"},{"reference_url":"https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/10","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Jul/10"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://usn.ubuntu.com/4043-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4043-1"},{"reference_url":"https://usn.ubuntu.com/4043-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4043-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4476","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4476"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/03/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/06/03/2"},{"reference_url":"http://www.securityfocus.com/bid/108559","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108559"},{"reference_url":"https://security.archlinux.org/ASA-201906-2","reference_id":"ASA-201906-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-2"},{"reference_url":"https://security.archlinux.org/AVG-969","reference_id":"AVG-969","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-969"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12308","reference_id":"CVE-2019-12308","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12308"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12244?format=json","purl":"pkg:pypi/django@1.11.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21"},{"url":"http://public2.vulnerablecode.io/api/packages/12243?format=json","purl":"pkg:pypi/django@2.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/12245?format=json","purl":"pkg:pypi/django@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2"}],"aliases":["CVE-2019-12308","GHSA-7rp2-fm2h-wchj","PYSEC-2019-79"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxu2-wqcg-1ueh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6060?format=json","vulnerability_id":"VCID-evu1-efcj-gfc5","summary":"multiple issues","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14235","reference_id":"","reference_type":"","scores":[{"value":"0.06773","scoring_system":"epss","scoring_elements":"0.91447","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14235"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-v9qg-3j8p-r63v","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v9qg-3j8p-r63v"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14235","reference_id":"CVE-2019-14235","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14235"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12700?format=json","purl":"pkg:pypi/django@1.11.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23"},{"url":"http://public2.vulnerablecode.io/api/packages/12701?format=json","purl":"pkg:pypi/django@2.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12702?format=json","purl":"pkg:pypi/django@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4"}],"aliases":["CVE-2019-14235","GHSA-v9qg-3j8p-r63v","PYSEC-2019-14"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evu1-efcj-gfc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4216?format=json","vulnerability_id":"VCID-fynq-usj6-rfd3","summary":"insufficient validation","references":[{"reference_url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19844","reference_id":"","reference_type":"","scores":[{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94448","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19844"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26"},{"reference_url":"https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e"},{"reference_url":"https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70"},{"reference_url":"https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/"},{"reference_url":"https://seclists.org/bugtraq/2020/Jan/9","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2020/Jan/9"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200110-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200110-0003/"},{"reference_url":"https://usn.ubuntu.com/4224-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4224-1"},{"reference_url":"https://usn.ubuntu.com/4224-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4224-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4598","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4598"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/"},{"reference_url":"https://security.archlinux.org/AVG-1080","reference_id":"AVG-1080","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1080"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19844","reference_id":"CVE-2019-19844","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19844"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13511?format=json","purl":"pkg:pypi/django@1.11.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27"},{"url":"http://public2.vulnerablecode.io/api/packages/13512?format=json","purl":"pkg:pypi/django@2.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/13753?format=json","purl":"pkg:pypi/django@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.1"}],"aliases":["CVE-2019-19844","GHSA-vfq6-hq5r-27r6","PYSEC-2019-16"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fynq-usj6-rfd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345507?format=json","vulnerability_id":"VCID-had1-mb3z-23dy","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12700?format=json","purl":"pkg:pypi/django@1.11.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23"},{"url":"http://public2.vulnerablecode.io/api/packages/12701?format=json","purl":"pkg:pypi/django@2.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12702?format=json","purl":"pkg:pypi/django@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4"}],"aliases":["PYSEC-2019-82"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-had1-mb3z-23dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5556?format=json","vulnerability_id":"VCID-hzcv-euwq-eqeg","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33203","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.5585","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33203"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21276?format=json","purl":"pkg:pypi/django@2.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24"},{"url":"http://public2.vulnerablecode.io/api/packages/21277?format=json","purl":"pkg:pypi/django@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-zvet-h29t-tub8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/21278?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-5k3f-9smv-8bev"},{"vulnerability":"VCID-6bct-bfhb-xugt"},{"vulnerability":"VCID-7u6e-a3ng-fude"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-bjn5-qpmt-qffx"},{"vulnerability":"VCID-ctk2-ykg7-h7ag"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-e2p6-m8gu-jbfu"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fwkd-bq8u-9kg8"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-kmv2-339j-8ugc"},{"vulnerability":"VCID-nyy8-t17r-syex"},{"vulnerability":"VCID-qg2s-fuw3-nbda"},{"vulnerability":"VCID-rn9d-fd73-3kb9"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-x4s4-qav9-xbet"},{"vulnerability":"VCID-zvet-h29t-tub8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["BIT-django-2021-33203","CVE-2021-33203","GHSA-68w8-qjq3-2gfm","PYSEC-2021-98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hzcv-euwq-eqeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345491?format=json","vulnerability_id":"VCID-k3fv-7e29-bfep","summary":"An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/1.11.21/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/1.11.21/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.1.9/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.1.9/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/2.2.2/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/2.2.2/"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/10","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Jul/10"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://usn.ubuntu.com/4043-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4043-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4476","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4476"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jun/03/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/03/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/06/03/2"},{"reference_url":"http://www.securityfocus.com/bid/108559","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12244?format=json","purl":"pkg:pypi/django@1.11.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21"},{"url":"http://public2.vulnerablecode.io/api/packages/12243?format=json","purl":"pkg:pypi/django@2.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/12245?format=json","purl":"pkg:pypi/django@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2"}],"aliases":["PYSEC-2019-9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k3fv-7e29-bfep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345472?format=json","vulnerability_id":"VCID-myrv-evr9-8kd4","summary":"In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/"},{"reference_url":"https://usn.ubuntu.com/3851-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3851-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4363","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4363"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/106453","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106453"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11480?format=json","purl":"pkg:pypi/django@1.11.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-bxu2-wqcg-1ueh"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-k3fv-7e29-bfep"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-wj2g-v6dz-2yeq"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yc5g-k96t-qub7"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18"},{"url":"http://public2.vulnerablecode.io/api/packages/11481?format=json","purl":"pkg:pypi/django@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-795n-caf2-fbcq"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-wj2g-v6dz-2yeq"},{"vulnerability":"VCID-yc5g-k96t-qub7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/11482?format=json","purl":"pkg:pypi/django@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-795n-caf2-fbcq"},{"vulnerability":"VCID-bxu2-wqcg-1ueh"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-k3fv-7e29-bfep"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-wj2g-v6dz-2yeq"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yc5g-k96t-qub7"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5"}],"aliases":["PYSEC-2019-87"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myrv-evr9-8kd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6062?format=json","vulnerability_id":"VCID-n9cz-g44c-4fht","summary":"multiple issues","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14233","reference_id":"","reference_type":"","scores":[{"value":"0.06773","scoring_system":"epss","scoring_elements":"0.91447","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14233"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-h5jv-4p7w-64jg","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h5jv-4p7w-64jg"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14233","reference_id":"CVE-2019-14233","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14233"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12700?format=json","purl":"pkg:pypi/django@1.11.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23"},{"url":"http://public2.vulnerablecode.io/api/packages/12701?format=json","purl":"pkg:pypi/django@2.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12702?format=json","purl":"pkg:pypi/django@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4"}],"aliases":["CVE-2019-14233","GHSA-h5jv-4p7w-64jg","PYSEC-2019-12"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9cz-g44c-4fht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345506?format=json","vulnerability_id":"VCID-phrd-92uj-sygr","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12700?format=json","purl":"pkg:pypi/django@1.11.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23"},{"url":"http://public2.vulnerablecode.io/api/packages/12701?format=json","purl":"pkg:pypi/django@2.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12702?format=json","purl":"pkg:pypi/django@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4"}],"aliases":["PYSEC-2019-81"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phrd-92uj-sygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6061?format=json","vulnerability_id":"VCID-v8hg-78p1-87bh","summary":"multiple issues","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14234","reference_id":"","reference_type":"","scores":[{"value":"0.29723","scoring_system":"epss","scoring_elements":"0.96712","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14234"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-6r97-cj55-9hrq","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r97-cj55-9hrq"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387"},{"reference_url":"https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef"},{"reference_url":"https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14234","reference_id":"CVE-2019-14234","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12700?format=json","purl":"pkg:pypi/django@1.11.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23"},{"url":"http://public2.vulnerablecode.io/api/packages/12701?format=json","purl":"pkg:pypi/django@2.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12702?format=json","purl":"pkg:pypi/django@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4"}],"aliases":["CVE-2019-14234","GHSA-6r97-cj55-9hrq","PYSEC-2019-13"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v8hg-78p1-87bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6092?format=json","vulnerability_id":"VCID-wj2g-v6dz-2yeq","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6975","reference_id":"","reference_type":"","scores":[{"value":"0.07682","scoring_system":"epss","scoring_elements":"0.9203","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6975"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-wh4h-v3f2-r2pp","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh4h-v3f2-r2pp"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227"},{"reference_url":"https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676"},{"reference_url":"https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/10","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Jul/10"},{"reference_url":"https://usn.ubuntu.com/3890-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3890-1"},{"reference_url":"https://usn.ubuntu.com/3890-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3890-1/"},{"reference_url":"https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964"},{"reference_url":"https://www.debian.org/security/2019/dsa-4476","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4476"},{"reference_url":"https://www.djangoproject.com/weblog/2019/feb/11/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/feb/11/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/feb/11/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/feb/11/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2019/02/11/1","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2019/02/11/1"},{"reference_url":"http://www.securityfocus.com/bid/106964","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106964"},{"reference_url":"https://security.archlinux.org/ASA-201902-14","reference_id":"ASA-201902-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-14"},{"reference_url":"https://security.archlinux.org/AVG-881","reference_id":"AVG-881","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-881"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6975","reference_id":"CVE-2019-6975","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6975"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11776?format=json","purl":"pkg:pypi/django@1.11.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.19"},{"url":"http://public2.vulnerablecode.io/api/packages/12239?format=json","purl":"pkg:pypi/django@1.11.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-bxu2-wqcg-1ueh"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-k3fv-7e29-bfep"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.20"},{"url":"http://public2.vulnerablecode.io/api/packages/56434?format=json","purl":"pkg:pypi/django@2.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/11777?format=json","purl":"pkg:pypi/django@2.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-795n-caf2-fbcq"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/56435?format=json","purl":"pkg:pypi/django@2.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/11778?format=json","purl":"pkg:pypi/django@2.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-795n-caf2-fbcq"},{"vulnerability":"VCID-bxu2-wqcg-1ueh"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-k3fv-7e29-bfep"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.7"}],"aliases":["CVE-2019-6975","GHSA-wh4h-v3f2-r2pp","PYSEC-2019-18"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wj2g-v6dz-2yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6108?format=json","vulnerability_id":"VCID-wsx7-6bfa-pugr","summary":"content spoofing","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3498","reference_id":"","reference_type":"","scores":[{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67199","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3498"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-337x-4q8g-prc5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-337x-4q8g-prc5"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/"},{"reference_url":"https://usn.ubuntu.com/3851-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3851-1"},{"reference_url":"https://usn.ubuntu.com/3851-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3851-1/"},{"reference_url":"https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453"},{"reference_url":"https://www.debian.org/security/2019/dsa-4363","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4363"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jan/04/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/106453","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106453"},{"reference_url":"https://security.archlinux.org/ASA-201901-6","reference_id":"ASA-201901-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-6"},{"reference_url":"https://security.archlinux.org/AVG-839","reference_id":"AVG-839","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-839"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3498","reference_id":"CVE-2019-3498","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11480?format=json","purl":"pkg:pypi/django@1.11.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-bxu2-wqcg-1ueh"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-k3fv-7e29-bfep"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-wj2g-v6dz-2yeq"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yc5g-k96t-qub7"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18"},{"url":"http://public2.vulnerablecode.io/api/packages/11481?format=json","purl":"pkg:pypi/django@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-795n-caf2-fbcq"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-wj2g-v6dz-2yeq"},{"vulnerability":"VCID-yc5g-k96t-qub7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/11482?format=json","purl":"pkg:pypi/django@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-795n-caf2-fbcq"},{"vulnerability":"VCID-bxu2-wqcg-1ueh"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-k3fv-7e29-bfep"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-wj2g-v6dz-2yeq"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yc5g-k96t-qub7"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5"}],"aliases":["CVE-2019-3498","GHSA-337x-4q8g-prc5","PYSEC-2019-17"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wsx7-6bfa-pugr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345509?format=json","vulnerability_id":"VCID-wv4b-pjet-r7d1","summary":"An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12700?format=json","purl":"pkg:pypi/django@1.11.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23"},{"url":"http://public2.vulnerablecode.io/api/packages/12701?format=json","purl":"pkg:pypi/django@2.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12702?format=json","purl":"pkg:pypi/django@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4"}],"aliases":["PYSEC-2019-83"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv4b-pjet-r7d1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6063?format=json","vulnerability_id":"VCID-x2hp-rmcn-gbah","summary":"multiple issues","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14232","reference_id":"","reference_type":"","scores":[{"value":"0.0297","scoring_system":"epss","scoring_elements":"0.86745","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14232"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-c4qh-4vgv-qc6g","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4qh-4vgv-qc6g"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml"},{"reference_url":"https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml"},{"reference_url":"https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/"},{"reference_url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ","reference_id":"","reference_type":"","scores":[],"url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ"},{"reference_url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW","reference_id":"","reference_type":"","scores":[],"url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/15","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Aug/15"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190828-0002/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4498","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4498"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/10/04/6","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2023/10/04/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/04/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2023/10/04/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/04/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2024/03/04/1"},{"reference_url":"https://security.archlinux.org/ASA-201908-2","reference_id":"ASA-201908-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-2"},{"reference_url":"https://security.archlinux.org/AVG-1015","reference_id":"AVG-1015","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1015"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14232","reference_id":"CVE-2019-14232","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14232"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12700?format=json","purl":"pkg:pypi/django@1.11.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23"},{"url":"http://public2.vulnerablecode.io/api/packages/12701?format=json","purl":"pkg:pypi/django@2.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12702?format=json","purl":"pkg:pypi/django@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4"}],"aliases":["CVE-2019-14232","GHSA-c4qh-4vgv-qc6g","PYSEC-2019-11"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2hp-rmcn-gbah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345479?format=json","vulnerability_id":"VCID-yc5g-k96t-qub7","summary":"Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/10","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Jul/10"},{"reference_url":"https://usn.ubuntu.com/3890-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3890-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4476","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4476"},{"reference_url":"https://www.djangoproject.com/weblog/2019/feb/11/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/feb/11/security-releases/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2019/02/11/1","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2019/02/11/1"},{"reference_url":"http://www.securityfocus.com/bid/106964","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106964"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11776?format=json","purl":"pkg:pypi/django@1.11.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.19"},{"url":"http://public2.vulnerablecode.io/api/packages/11777?format=json","purl":"pkg:pypi/django@2.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-795n-caf2-fbcq"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-hzcv-euwq-eqeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/11778?format=json","purl":"pkg:pypi/django@2.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-795n-caf2-fbcq"},{"vulnerability":"VCID-bxu2-wqcg-1ueh"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-k3fv-7e29-bfep"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-yh41-twy2-c7c5"},{"vulnerability":"VCID-ypwa-2rh9-gyex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.7"}],"aliases":["PYSEC-2019-88"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yc5g-k96t-qub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345496?format=json","vulnerability_id":"VCID-yh41-twy2-c7c5","summary":"An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/10","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Jul/10"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190705-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190705-0002/"},{"reference_url":"https://usn.ubuntu.com/4043-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4043-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4476","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4476"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jul/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jul/01/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/01/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/07/01/3"},{"reference_url":"http://www.securityfocus.com/bid/109018","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/109018"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12372?format=json","purl":"pkg:pypi/django@1.11.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22"},{"url":"http://public2.vulnerablecode.io/api/packages/12370?format=json","purl":"pkg:pypi/django@2.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/12371?format=json","purl":"pkg:pypi/django@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3"}],"aliases":["PYSEC-2019-80"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yh41-twy2-c7c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4315?format=json","vulnerability_id":"VCID-ypwa-2rh9-gyex","summary":"silent downgrade","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12781","reference_id":"","reference_type":"","scores":[{"value":"0.04284","scoring_system":"epss","scoring_elements":"0.89026","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12781"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-6c7v-2f49-8h26","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6c7v-2f49-8h26"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/10","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Jul/10"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190705-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190705-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190705-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190705-0002/"},{"reference_url":"https://usn.ubuntu.com/4043-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4043-1"},{"reference_url":"https://usn.ubuntu.com/4043-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4043-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4476","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4476"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jul/01/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jul/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/jul/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/jul/01/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/01/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/07/01/3"},{"reference_url":"http://www.securityfocus.com/bid/109018","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/109018"},{"reference_url":"https://security.archlinux.org/ASA-201907-2","reference_id":"ASA-201907-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-2"},{"reference_url":"https://security.archlinux.org/AVG-1000","reference_id":"AVG-1000","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1000"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12781","reference_id":"CVE-2019-12781","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12781"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12372?format=json","purl":"pkg:pypi/django@1.11.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22"},{"url":"http://public2.vulnerablecode.io/api/packages/12370?format=json","purl":"pkg:pypi/django@2.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/12371?format=json","purl":"pkg:pypi/django@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bh9-k4at-r7hz"},{"vulnerability":"VCID-2f2p-wfbs-73hz"},{"vulnerability":"VCID-3gvv-5jbs-cfc1"},{"vulnerability":"VCID-5a2y-2m62-1qfa"},{"vulnerability":"VCID-6s18-ssym-1bd6"},{"vulnerability":"VCID-7b47-vsfh-y3gh"},{"vulnerability":"VCID-81q1-gytk-2uaq"},{"vulnerability":"VCID-9hp4-hn21-zkg8"},{"vulnerability":"VCID-arff-yjfe-auhp"},{"vulnerability":"VCID-b81v-3drw-xudf"},{"vulnerability":"VCID-bbxx-48nj-pqcd"},{"vulnerability":"VCID-dcv2-gx5a-pfe2"},{"vulnerability":"VCID-dqkn-1888-y3er"},{"vulnerability":"VCID-evu1-efcj-gfc5"},{"vulnerability":"VCID-fc6y-y2b1-v3d5"},{"vulnerability":"VCID-fynq-usj6-rfd3"},{"vulnerability":"VCID-gxju-xjh2-z7bn"},{"vulnerability":"VCID-had1-mb3z-23dy"},{"vulnerability":"VCID-hzcv-euwq-eqeg"},{"vulnerability":"VCID-jzbk-uswz-8ucg"},{"vulnerability":"VCID-n9cz-g44c-4fht"},{"vulnerability":"VCID-nxbs-37dx-rbbh"},{"vulnerability":"VCID-phrd-92uj-sygr"},{"vulnerability":"VCID-punr-dfy5-v3g1"},{"vulnerability":"VCID-u53d-8afk-c3gq"},{"vulnerability":"VCID-v8hg-78p1-87bh"},{"vulnerability":"VCID-vr6h-ymzh-1kb2"},{"vulnerability":"VCID-vyzr-dkz3-vfg6"},{"vulnerability":"VCID-wv4b-pjet-r7d1"},{"vulnerability":"VCID-x2hp-rmcn-gbah"},{"vulnerability":"VCID-xb3c-6rew-z3ba"},{"vulnerability":"VCID-xu9t-qtjz-bud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3"}],"aliases":["CVE-2019-12781","GHSA-6c7v-2f49-8h26","PYSEC-2019-10"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypwa-2rh9-gyex"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.17"}