| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-42x9-8c3c-bug1 |
| vulnerability_id |
VCID-42x9-8c3c-bug1 |
| summary |
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-31047 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31293 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31331 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31375 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.3134 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31467 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31286 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31425 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00122 |
| scoring_system |
epss |
| scoring_elements |
0.31371 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-31047 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.19 |
| purl |
pkg:pypi/django@3.2.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 1 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 5 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.19 |
|
| 2 |
| url |
pkg:pypi/django@4.2.1 |
| purl |
pkg:pypi/django@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 3 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 4 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 9 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 10 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 11 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 12 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 13 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 14 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 15 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 16 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 17 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 25 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 26 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 27 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 28 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 29 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 30 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 31 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 32 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 33 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 34 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 35 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 36 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 37 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.1 |
|
|
| aliases |
BIT-django-2023-31047, CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-42x9-8c3c-bug1 |
|
| 1 |
| url |
VCID-4ztz-fq98-5fh1 |
| vulnerability_id |
VCID-4ztz-fq98-5fh1 |
| summary |
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-41164 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61071 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61025 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.6109 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61104 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61067 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61053 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61019 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-41164 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 2 |
| url |
pkg:pypi/django@4.2.5 |
| purl |
pkg:pypi/django@4.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 17 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 18 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 19 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 20 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 21 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 22 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 23 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 26 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 27 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 28 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 29 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 30 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 31 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 32 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 33 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 34 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 35 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5 |
|
|
| aliases |
BIT-django-2023-41164, CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztz-fq98-5fh1 |
|
| 2 |
| url |
VCID-66w1-4zku-gyfp |
| vulnerability_id |
VCID-66w1-4zku-gyfp |
| summary |
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45452 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52549 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.5265 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52666 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52683 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52632 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52637 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.5262 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52586 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52593 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45452 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-jrh2-hc4r-7jwx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-jrh2-hc4r-7jwx |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.11 |
| purl |
pkg:pypi/django@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 13 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 14 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 15 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 16 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 17 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 20 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11 |
|
| 1 |
| url |
pkg:pypi/django@4.0.1 |
| purl |
pkg:pypi/django@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 8 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 9 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 10 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 11 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 12 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 15 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1 |
|
|
| aliases |
BIT-django-2021-45452, CVE-2021-45452, GHSA-jrh2-hc4r-7jwx, PYSEC-2022-3
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-66w1-4zku-gyfp |
|
| 3 |
| url |
VCID-6gss-ppm5-3yc9 |
| vulnerability_id |
VCID-6gss-ppm5-3yc9 |
| summary |
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36359 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73852 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73865 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73873 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73828 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73892 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.7387 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73857 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73823 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36359 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.15 |
| purl |
pkg:pypi/django@3.2.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 3 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 7 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 11 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 14 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.15 |
|
| 1 |
| url |
pkg:pypi/django@4.0.7 |
| purl |
pkg:pypi/django@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 7 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 8 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 9 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.7 |
|
|
| aliases |
BIT-django-2022-36359, CVE-2022-36359, GHSA-8x94-hmjh-97hq, PYSEC-2022-245
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6gss-ppm5-3yc9 |
|
| 4 |
| url |
VCID-78r4-85ms-63hm |
| vulnerability_id |
VCID-78r4-85ms-63hm |
| summary |
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-46695 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87745 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87714 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87746 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87752 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87741 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87735 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87712 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.877 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-46695 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 2 |
| url |
pkg:pypi/django@4.2.7 |
| purl |
pkg:pypi/django@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 3 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 7 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 8 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 11 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 14 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 15 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 16 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 17 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 18 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 19 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 20 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 21 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 22 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 23 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 24 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 25 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 26 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 27 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 28 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 29 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 30 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 31 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 32 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 33 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7 |
|
|
| aliases |
BIT-django-2023-46695, CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-78r4-85ms-63hm |
|
| 5 |
| url |
VCID-7tca-pgcs-cuhd |
| vulnerability_id |
VCID-7tca-pgcs-cuhd |
| summary |
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-41323 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.91991 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.91985 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.91977 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.92011 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.9201 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.92007 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.07863 |
| scoring_system |
epss |
| scoring_elements |
0.92003 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-41323 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.16 |
| purl |
pkg:pypi/django@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 6 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 9 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 10 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 11 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 12 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 13 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.16 |
|
| 2 |
| url |
pkg:pypi/django@4.1.2 |
| purl |
pkg:pypi/django@4.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 11 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.2 |
|
|
| aliases |
BIT-django-2022-41323, CVE-2022-41323, GHSA-qrw5-5h28-6cmg, PYSEC-2022-304
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7tca-pgcs-cuhd |
|
| 6 |
| url |
VCID-84mm-45p6-xkau |
| vulnerability_id |
VCID-84mm-45p6-xkau |
| summary |
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
An issue was discovered in Django 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64458 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05432 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05438 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05452 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.0548 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05424 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05417 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05459 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07235 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64458 |
|
|
| fixed_packages |
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 3 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 4 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 5 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 6 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
|
| aliases |
CVE-2025-64458, GHSA-qw25-v68c-qjf3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84mm-45p6-xkau |
|
| 7 |
| url |
VCID-896g-hqec-ryb9 |
| vulnerability_id |
VCID-896g-hqec-ryb9 |
| summary |
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61428 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61446 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.6146 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61423 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61377 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61407 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61378 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.22 |
| purl |
pkg:pypi/django@4.2.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22 |
|
| 2 |
| url |
pkg:pypi/django@5.2.2 |
| purl |
pkg:pypi/django@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2 |
|
|
| aliases |
BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9 |
|
| 8 |
| url |
VCID-8m4b-y4va-kqgm |
| vulnerability_id |
VCID-8m4b-y4va-kqgm |
| summary |
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-43665 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.84404 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.844 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.8603 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86066 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86047 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86046 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86091 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86076 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-43665 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 2 |
| url |
pkg:pypi/django@4.2.6 |
| purl |
pkg:pypi/django@4.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 8 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 9 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 10 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 12 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 15 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 16 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 17 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 18 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 19 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 20 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 21 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 22 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 23 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 24 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 25 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 26 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 27 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 28 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 29 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 30 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 31 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 32 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 33 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 34 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6 |
|
|
| aliases |
BIT-django-2023-43665, CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8m4b-y4va-kqgm |
|
| 9 |
| url |
VCID-8xgs-8xjr-cber |
| vulnerability_id |
VCID-8xgs-8xjr-cber |
| summary |
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-24680 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80379 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80386 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80402 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80355 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80383 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80372 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80343 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80335 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-24680 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 34 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
|
| fixed_packages |
| 1 |
| url |
pkg:pypi/django@4.2.10 |
| purl |
pkg:pypi/django@4.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 3 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 7 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 10 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 13 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 14 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 15 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 16 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 17 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 18 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 19 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 20 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 21 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 22 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 23 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 24 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 25 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 26 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 27 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 28 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 29 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 30 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 31 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 32 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10 |
|
| 2 |
| url |
pkg:pypi/django@5.0.2 |
| purl |
pkg:pypi/django@5.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 8 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 9 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 10 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 11 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 12 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 13 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 14 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 15 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 18 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 19 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 20 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2 |
|
|
| aliases |
BIT-django-2024-24680, CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgs-8xjr-cber |
|
| 10 |
| url |
VCID-9uzd-mmyv-mfh4 |
| vulnerability_id |
VCID-9uzd-mmyv-mfh4 |
| summary |
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00191 |
| scoring_system |
epss |
| scoring_elements |
0.41087 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68804 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68818 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68795 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68776 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68724 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68747 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68774 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
|
|
| fixed_packages |
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 3 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 4 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 5 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 6 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
|
| aliases |
CVE-2025-64459, GHSA-frmv-pr5f-9mcr
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| url |
VCID-e2jd-yd4j-kqgt |
| vulnerability_id |
VCID-e2jd-yd4j-kqgt |
| summary |
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46361 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.4635 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46331 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46379 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46355 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46299 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46351 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 31 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.16 |
| purl |
pkg:pypi/django@4.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 9 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 10 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 11 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 12 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 13 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 14 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 15 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 16 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 17 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 20 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 21 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16 |
|
| 1 |
| url |
pkg:pypi/django@5.0.9 |
| purl |
pkg:pypi/django@5.0.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 5 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 6 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 7 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 8 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 9 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9 |
|
| 2 |
| url |
pkg:pypi/django@5.1.1 |
| purl |
pkg:pypi/django@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 8 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 9 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 10 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 11 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 14 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1 |
|
|
| aliases |
CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt |
|
| 12 |
| url |
VCID-gp5e-nguh-5fdk |
| vulnerability_id |
VCID-gp5e-nguh-5fdk |
| summary |
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87731 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.8776 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87754 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87733 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87718 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87764 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87766 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.03594 |
| scoring_system |
epss |
| scoring_elements |
0.87771 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23833 |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.12 |
| purl |
pkg:pypi/django@3.2.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 12 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 13 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 14 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 15 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 18 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12 |
|
| 1 |
| url |
pkg:pypi/django@4.0.2 |
| purl |
pkg:pypi/django@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 8 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 9 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 10 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 11 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 12 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 13 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2 |
|
|
| aliases |
BIT-django-2022-23833, CVE-2022-23833, GHSA-6cw3-g6wv-c2xv, PYSEC-2022-20
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gp5e-nguh-5fdk |
|
| 13 |
| url |
VCID-hwa2-n7a2-pyg1 |
| vulnerability_id |
VCID-hwa2-n7a2-pyg1 |
| summary |
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45116 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57157 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57158 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57178 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57199 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57187 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57185 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57133 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57135 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.5704 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45116 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.11 |
| purl |
pkg:pypi/django@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 13 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 14 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 15 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 16 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 17 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 20 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11 |
|
| 1 |
| url |
pkg:pypi/django@4.0.1 |
| purl |
pkg:pypi/django@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 8 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 9 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 10 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 11 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 12 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 15 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1 |
|
|
| aliases |
BIT-django-2021-45116, CVE-2021-45116, GHSA-8c5j-9r9f-c6w8, PYSEC-2022-2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hwa2-n7a2-pyg1 |
|
| 14 |
| url |
VCID-jh1e-72hp-fuf4 |
| vulnerability_id |
VCID-jh1e-72hp-fuf4 |
| summary |
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-27351 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01855 |
| scoring_system |
epss |
| scoring_elements |
0.82977 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85646 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.8565 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85635 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85624 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85604 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85599 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85642 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-27351 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@4.2.11 |
| purl |
pkg:pypi/django@4.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 3 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 7 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 10 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 13 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 14 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 15 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 16 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 17 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 18 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 19 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 20 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 21 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 22 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 23 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 24 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 25 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 26 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 27 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 28 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 29 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 30 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 31 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11 |
|
| 2 |
| url |
pkg:pypi/django@5.0.3 |
| purl |
pkg:pypi/django@5.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 8 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 9 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 10 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 11 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 12 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 13 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 14 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 15 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 16 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 17 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 18 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 19 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3 |
|
|
| aliases |
BIT-django-2024-27351, CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jh1e-72hp-fuf4 |
|
| 15 |
| url |
VCID-mzdk-m12w-q3fc |
| vulnerability_id |
VCID-mzdk-m12w-q3fc |
| summary |
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44420 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30919 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30964 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.31007 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.31002 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30973 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30915 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.31097 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.30921 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.0012 |
| scoring_system |
epss |
| scoring_elements |
0.3105 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44420 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-v6rh-hp5x-86rv |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-v6rh-hp5x-86rv |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.10 |
| purl |
pkg:pypi/django@3.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 5 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 13 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 14 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 15 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 16 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 17 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 18 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 19 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 21 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 22 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 23 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10 |
|
|
| aliases |
BIT-django-2021-44420, CVE-2021-44420, GHSA-v6rh-hp5x-86rv, PYSEC-2021-439
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mzdk-m12w-q3fc |
|
| 16 |
| url |
VCID-nese-5485-hkbs |
| vulnerability_id |
VCID-nese-5485-hkbs |
| summary |
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-23969 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90732 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90743 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90777 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.9078 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90771 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90754 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.06091 |
| scoring_system |
epss |
| scoring_elements |
0.90765 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-23969 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.17 |
| purl |
pkg:pypi/django@3.2.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 6 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 9 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 11 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 12 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.17 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@4.1.6 |
| purl |
pkg:pypi/django@4.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 10 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.6 |
|
| 3 |
| url |
pkg:pypi/django@4.2a1 |
| purl |
pkg:pypi/django@4.2a1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 7 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 11 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 12 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 13 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 14 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 15 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 16 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2a1 |
|
|
| aliases |
BIT-django-2023-23969, CVE-2023-23969, GHSA-q2jf-h9jm-m7p4, PYSEC-2023-12
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nese-5485-hkbs |
|
| 17 |
| url |
VCID-pa75-6avj-duf7 |
| vulnerability_id |
VCID-pa75-6avj-duf7 |
| summary |
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28346 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83484 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83547 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83532 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83522 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83498 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83536 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.01971 |
| scoring_system |
epss |
| scoring_elements |
0.83541 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28346 |
|
| 12 |
| reference_url |
https://github.com/advisories/GHSA-2gwj-7jmv-h26r |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-2gwj-7jmv-h26r |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.13 |
| purl |
pkg:pypi/django@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 12 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 13 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 14 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 15 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 16 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13 |
|
| 1 |
| url |
pkg:pypi/django@4.0.4 |
| purl |
pkg:pypi/django@4.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 8 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 11 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4 |
|
|
| aliases |
BIT-django-2022-28346, CVE-2022-28346, GHSA-2gwj-7jmv-h26r, PYSEC-2022-190
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pa75-6avj-duf7 |
|
| 18 |
| url |
VCID-t6uc-dfrd-jyfg |
| vulnerability_id |
VCID-t6uc-dfrd-jyfg |
| summary |
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. |
| references |
| 0 |
|
| 12 |
| reference_url |
https://github.com/advisories/GHSA-p64x-8rxx-wf6q |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-p64x-8rxx-wf6q |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.14 |
| purl |
pkg:pypi/django@3.2.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 12 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 15 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.14 |
|
| 1 |
| url |
pkg:pypi/django@4.0.6 |
| purl |
pkg:pypi/django@4.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 10 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.6 |
|
|
| aliases |
BIT-django-2022-34265, CVE-2022-34265, GHSA-p64x-8rxx-wf6q, PYSEC-2022-213
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t6uc-dfrd-jyfg |
|
| 19 |
| url |
VCID-th9v-dk98-3kea |
| vulnerability_id |
VCID-th9v-dk98-3kea |
| summary |
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28347 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78054 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78057 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78075 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78048 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78043 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78005 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78017 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01101 |
| scoring_system |
epss |
| scoring_elements |
0.78034 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-28347 |
|
| 12 |
| reference_url |
https://github.com/advisories/GHSA-w24h-v9qh-8gxj |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-w24h-v9qh-8gxj |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.13 |
| purl |
pkg:pypi/django@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 12 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 13 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 14 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 15 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 16 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13 |
|
| 1 |
| url |
pkg:pypi/django@4.0.4 |
| purl |
pkg:pypi/django@4.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 8 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 11 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4 |
|
|
| aliases |
BIT-django-2022-28347, CVE-2022-28347, GHSA-w24h-v9qh-8gxj, PYSEC-2022-191
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-th9v-dk98-3kea |
|
| 20 |
| url |
VCID-ume2-wt6y-jye7 |
| vulnerability_id |
VCID-ume2-wt6y-jye7 |
| summary |
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22818 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.69478 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.69424 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.69492 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.69507 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.69486 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.6944 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.6942 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00601 |
| scoring_system |
epss |
| scoring_elements |
0.6947 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22818 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/advisories/GHSA-95rw-fx8r-36v6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-95rw-fx8r-36v6 |
|
| 13 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.12 |
| purl |
pkg:pypi/django@3.2.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 12 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 13 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 14 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 15 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 18 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12 |
|
| 1 |
| url |
pkg:pypi/django@4.0.2 |
| purl |
pkg:pypi/django@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 8 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 9 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 10 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 11 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 12 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 13 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2 |
|
|
| aliases |
BIT-django-2022-22818, CVE-2022-22818, GHSA-95rw-fx8r-36v6, PYSEC-2022-19
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ume2-wt6y-jye7 |
|
| 21 |
| url |
VCID-w4pr-k5nj-ckgy |
| vulnerability_id |
VCID-w4pr-k5nj-ckgy |
| summary |
Django is subject to SQL injection through its column aliases
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias(). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05586 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05593 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05603 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05631 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05868 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05828 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05834 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05798 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.24 |
| purl |
pkg:pypi/django@4.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.6 |
| purl |
pkg:pypi/django@5.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6 |
|
|
| aliases |
CVE-2025-57833, GHSA-6w2r-r2m5-xq5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy |
|
| 22 |
| url |
VCID-wz1q-1tjp-4qhw |
| vulnerability_id |
VCID-wz1q-1tjp-4qhw |
| summary |
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-36053 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92859 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92875 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.9287 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92856 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92857 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92866 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-36053 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://www.debian.org/security/2023/dsa-5465 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/ |
|
|
| url |
https://www.debian.org/security/2023/dsa-5465 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@4.2.3 |
| purl |
pkg:pypi/django@4.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 3 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 4 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 9 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 10 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 11 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 12 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 13 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 14 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 15 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 16 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 17 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 25 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 26 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 27 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 28 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 29 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 30 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 31 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 32 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 33 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 34 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 35 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 36 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3 |
|
|
| aliases |
BIT-django-2023-36053, CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wz1q-1tjp-4qhw |
|
| 23 |
| url |
VCID-ypub-ukuh-p3aw |
| vulnerability_id |
VCID-ypub-ukuh-p3aw |
| summary |
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-24580 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96191 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96195 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96205 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96213 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96211 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96212 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96208 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.25408 |
| scoring_system |
epss |
| scoring_elements |
0.96184 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-24580 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.18 |
| purl |
pkg:pypi/django@3.2.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 6 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 9 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 11 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.18 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@4.1.7 |
| purl |
pkg:pypi/django@4.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.7 |
|
|
| aliases |
BIT-django-2023-24580, CVE-2023-24580, GHSA-2hrw-hx67-34x6, PYSEC-2023-13
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ypub-ukuh-p3aw |
|
| 24 |
| url |
VCID-z8z1-cjee-kfeg |
| vulnerability_id |
VCID-z8z1-cjee-kfeg |
| summary |
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45115 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62355 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62461 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62483 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62494 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62475 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62413 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62444 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62459 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00428 |
| scoring_system |
epss |
| scoring_elements |
0.62411 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-45115 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.11 |
| purl |
pkg:pypi/django@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 4 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 8 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 13 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 14 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 15 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 16 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 17 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 20 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11 |
|
| 1 |
| url |
pkg:pypi/django@4.0.1 |
| purl |
pkg:pypi/django@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 8 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 9 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 10 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 11 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 12 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 15 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1 |
|
|
| aliases |
BIT-django-2021-45115, CVE-2021-45115, GHSA-53qw-q765-4fww, PYSEC-2022-1
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z8z1-cjee-kfeg |
|
|