Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@4.1.8

Type pypi

Namespace

Name django

Version 4.1.8

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.2.30

Latest_non_vulnerable_version 6.0.5

Affected_by_vulnerabilities

url VCID-42x9-8c3c-bug1

vulnerability_id VCID-42x9-8c3c-bug1

summary In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31047.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31047.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-31047

reference_id

reference_type

scores

value	0.00122
scoring_system	epss
scoring_elements	0.3134
published_at	2026-04-08T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31425
published_at	2026-04-02T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31467
published_at	2026-04-04T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31331
published_at	2026-04-12T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31375
published_at	2026-04-11T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31371
published_at	2026-04-09T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31286
published_at	2026-04-07T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30904
published_at	2026-04-29T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30987
published_at	2026-04-26T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31109
published_at	2026-04-24T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31279
published_at	2026-04-21T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31306
published_at	2026-04-18T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31327
published_at	2026-04-16T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31293
published_at	2026-04-13T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38309
published_at	2026-05-12T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38283
published_at	2026-05-11T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38372
published_at	2026-05-09T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38362
published_at	2026-05-07T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38291
published_at	2026-05-05T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38383
published_at	2026-05-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-31047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31047

reference_url

https://docs.djangoproject.com/en/4.2/releases/security

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/4.2/releases/security

reference_url

https://docs.djangoproject.com/en/4.2/releases/security/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/

url

https://docs.djangoproject.com/en/4.2/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd

reference_url

https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64

reference_url

https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml

reference_url

https://groups.google.com/forum/#!forum/django-announce

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/django-announce

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD

reference_url

https://security.netapp.com/advisory/ntap-20230609-0008

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230609-0008

reference_url

https://www.djangoproject.com/weblog/2023/may/03/security-releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2023/may/03/security-releases

reference_url

https://www.djangoproject.com/weblog/2023/may/03/security-releases/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/

url

https://www.djangoproject.com/weblog/2023/may/03/security-releases/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035467
reference_id	1035467
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035467

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2192565
reference_id	2192565
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2192565

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/

reference_id

A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-31047

reference_id

CVE-2023-31047

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-31047

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/

reference_id

DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/

reference_url

https://github.com/advisories/GHSA-r3xc-prgr-mg9p

reference_id

GHSA-r3xc-prgr-mg9p

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r3xc-prgr-mg9p

reference_url

https://security.netapp.com/advisory/ntap-20230609-0008/

reference_id

ntap-20230609-0008

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/

url

https://security.netapp.com/advisory/ntap-20230609-0008/

reference_url	https://access.redhat.com/errata/RHSA-2023:4591
reference_id	RHSA-2023:4591
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4591

reference_url	https://access.redhat.com/errata/RHSA-2023:5931
reference_id	RHSA-2023:5931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5931

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

reference_url	https://usn.ubuntu.com/6054-1/
reference_id	USN-6054-1
reference_type
scores
url	https://usn.ubuntu.com/6054-1/

reference_url	https://usn.ubuntu.com/6054-2/
reference_id	USN-6054-2
reference_type
scores
url	https://usn.ubuntu.com/6054-2/

fixed_packages

url pkg:pypi/django@4.1.9

purl pkg:pypi/django@4.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ztz-fq98-5fh1

vulnerability	VCID-78r4-85ms-63hm

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8m4b-y4va-kqgm

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-wz1q-1tjp-4qhw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.9

url pkg:pypi/django@4.2.1

purl pkg:pypi/django@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-3sac-ah8j-pucd

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-4ztz-fq98-5fh1

vulnerability	VCID-78r4-85ms-63hm

vulnerability	VCID-7tph-k8q2-bue2

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8m4b-y4va-kqgm

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-8xgs-8xjr-cber

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jh1e-72hp-fuf4

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-m91a-6235-nye9

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-q12d-kv8p-8ff7

vulnerability	VCID-rmdp-bnjj-zuf2

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-u3zk-tff2-aua9

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-v1xr-z4zu-yfb4

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-wwa5-mhgu-9khz

vulnerability	VCID-wz1q-1tjp-4qhw

vulnerability	VCID-xgv1-s2ek-q3dp

vulnerability	VCID-xhpa-mffz-syfy

vulnerability	VCID-ysyp-h7ja-yff3

vulnerability	VCID-z27q-zfpz-ckby

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.1

aliases BIT-django-2023-31047, CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42x9-8c3c-bug1

url VCID-4ztz-fq98-5fh1

vulnerability_id VCID-4ztz-fq98-5fh1

summary In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-41164

reference_id

reference_type

scores

value	0.00406
scoring_system	epss
scoring_elements	0.61202
published_at	2026-05-14T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61025
published_at	2026-04-02T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61143
published_at	2026-05-12T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61116
published_at	2026-05-11T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61154
published_at	2026-05-09T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61095
published_at	2026-05-07T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61045
published_at	2026-05-05T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61097
published_at	2026-04-29T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61092
published_at	2026-04-24T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61053
published_at	2026-04-04T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61019
published_at	2026-04-07T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61067
published_at	2026-04-08T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61083
published_at	2026-04-09T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61104
published_at	2026-04-26T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.6109
published_at	2026-04-12T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61103
published_at	2026-04-21T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.6112
published_at	2026-04-18T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61113
published_at	2026-04-16T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61071
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/4.2/releases/security

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e

reference_url

https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9

reference_url

https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml

reference_url

https://groups.google.com/forum/#%21forum/django-announce

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#%21forum/django-announce

reference_url

https://groups.google.com/forum/#!forum/django-announce

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/django-announce

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url

https://security.netapp.com/advisory/ntap-20231214-0002

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231214-0002

reference_url

https://www.djangoproject.com/weblog/2023/sep/04/security-releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2023/sep/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/sep/04/security-releases/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226
reference_id	1051226
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2237258
reference_id	2237258
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2237258

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-41164

reference_id

CVE-2023-41164

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-41164

reference_url

https://github.com/advisories/GHSA-7h4p-27mh-hmrw

reference_id

GHSA-7h4p-27mh-hmrw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7h4p-27mh-hmrw

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://access.redhat.com/errata/RHSA-2023:5208
reference_id	RHSA-2023:5208
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5208

reference_url	https://access.redhat.com/errata/RHSA-2024:1878
reference_id	RHSA-2024:1878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1878

reference_url	https://usn.ubuntu.com/6378-1/
reference_id	USN-6378-1
reference_type
scores
url	https://usn.ubuntu.com/6378-1/

reference_url	https://usn.ubuntu.com/6414-2/
reference_id	USN-6414-2
reference_type
scores
url	https://usn.ubuntu.com/6414-2/

fixed_packages

url pkg:pypi/django@4.1.11

purl pkg:pypi/django@4.1.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-78r4-85ms-63hm

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8m4b-y4va-kqgm

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.11

url pkg:pypi/django@4.2.5

purl pkg:pypi/django@4.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-3sac-ah8j-pucd

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-78r4-85ms-63hm

vulnerability	VCID-7tph-k8q2-bue2

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8m4b-y4va-kqgm

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-8xgs-8xjr-cber

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jh1e-72hp-fuf4

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-m91a-6235-nye9

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-q12d-kv8p-8ff7

vulnerability	VCID-rmdp-bnjj-zuf2

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-u3zk-tff2-aua9

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-v1xr-z4zu-yfb4

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-wwa5-mhgu-9khz

vulnerability	VCID-xgv1-s2ek-q3dp

vulnerability	VCID-xhpa-mffz-syfy

vulnerability	VCID-ysyp-h7ja-yff3

vulnerability	VCID-z27q-zfpz-ckby

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5

aliases BIT-django-2023-41164, CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztz-fq98-5fh1

url VCID-78r4-85ms-63hm

vulnerability_id VCID-78r4-85ms-63hm

summary An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46695.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46695.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46695

reference_id

reference_type

scores

value	0.03582
scoring_system	epss
scoring_elements	0.87868
published_at	2026-05-14T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.877
published_at	2026-04-02T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87836
published_at	2026-05-12T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87822
published_at	2026-05-11T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87825
published_at	2026-05-09T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87807
published_at	2026-05-07T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87792
published_at	2026-05-05T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87714
published_at	2026-04-07T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87752
published_at	2026-04-11T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87741
published_at	2026-04-09T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87735
published_at	2026-04-08T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87778
published_at	2026-04-29T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.8778
published_at	2026-04-26T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87774
published_at	2026-04-24T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87712
published_at	2026-04-04T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87757
published_at	2026-04-21T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87758
published_at	2026-04-18T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87759
published_at	2026-04-16T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87745
published_at	2026-04-13T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87746
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46695

reference_url

https://docs.djangoproject.com/en/4.2/releases/security

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/048a9ebb6ea468426cb4e57c71572cbbd975517f

reference_url

https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/4965bfdde2e5a5c883685019e57d123a3368a75e

reference_url

https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-222.yaml

reference_url

https://groups.google.com/forum/#%21forum/django-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#%21forum/django-announce

reference_url

https://groups.google.com/forum/#!forum/django-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/django-announce

reference_url

https://security.netapp.com/advisory/ntap-20231214-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231214-0001

reference_url

https://www.djangoproject.com/weblog/2023/nov/01/security-releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2023/nov/01/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/nov/01/security-releases/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2247097
reference_id	2247097
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2247097

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-46695

reference_id

CVE-2023-46695

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-46695

reference_url

https://github.com/advisories/GHSA-qmf9-6jqf-j8fq

reference_id

GHSA-qmf9-6jqf-j8fq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qmf9-6jqf-j8fq

fixed_packages

url pkg:pypi/django@4.1.13

purl pkg:pypi/django@4.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.13

url pkg:pypi/django@4.2.7

purl pkg:pypi/django@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-3sac-ah8j-pucd

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-7tph-k8q2-bue2

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-8xgs-8xjr-cber

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jh1e-72hp-fuf4

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-m91a-6235-nye9

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-q12d-kv8p-8ff7

vulnerability	VCID-rmdp-bnjj-zuf2

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-u3zk-tff2-aua9

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-v1xr-z4zu-yfb4

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-wwa5-mhgu-9khz

vulnerability	VCID-xgv1-s2ek-q3dp

vulnerability	VCID-xhpa-mffz-syfy

vulnerability	VCID-ysyp-h7ja-yff3

vulnerability	VCID-z27q-zfpz-ckby

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7

aliases BIT-django-2023-46695, CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78r4-85ms-63hm

url VCID-84mm-45p6-xkau

vulnerability_id VCID-84mm-45p6-xkau

summary

Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect`  were subject to a potential  denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64458

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05417
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05432
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05438
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05452
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.0548
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05459
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05424
published_at	2026-04-07T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06629
published_at	2026-04-29T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06633
published_at	2026-04-26T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06618
published_at	2026-04-24T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06603
published_at	2026-04-21T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06454
published_at	2026-04-18T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06443
published_at	2026-04-16T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06902
published_at	2026-05-14T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06846
published_at	2026-05-11T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06843
published_at	2026-05-09T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06777
published_at	2026-05-07T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06649
published_at	2026-05-05T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06864
published_at	2026-05-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07235
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64458

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242

reference_url

https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac

reference_url

https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f

reference_url

https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/

url

https://groups.google.com/g/django-announce

reference_url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2412649
reference_id	2412649
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2412649

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64458

reference_id

CVE-2025-64458

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64458

reference_url

https://github.com/advisories/GHSA-qw25-v68c-qjf3

reference_id

GHSA-qw25-v68c-qjf3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qw25-v68c-qjf3

reference_url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases/

reference_id

security-releases

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/

url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases/

fixed_packages

url pkg:pypi/django@4.2.26

purl pkg:pypi/django@4.2.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26

url pkg:pypi/django@5.1.14

purl pkg:pypi/django@5.1.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14

url pkg:pypi/django@5.2.8

purl pkg:pypi/django@5.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8

url pkg:pypi/django@6.0a1

purl pkg:pypi/django@6.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0a1

aliases CVE-2025-64458, GHSA-qw25-v68c-qjf3

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84mm-45p6-xkau

url VCID-896g-hqec-ryb9

vulnerability_id VCID-896g-hqec-ryb9

summary An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48432

reference_id

reference_type

scores

value	0.00411
scoring_system	epss
scoring_elements	0.61555
published_at	2026-05-14T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61502
published_at	2026-05-12T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61474
published_at	2026-05-11T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61512
published_at	2026-05-09T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61378
published_at	2026-04-02T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61446
published_at	2026-04-12T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.6146
published_at	2026-04-11T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61439
published_at	2026-04-09T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61423
published_at	2026-04-08T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61377
published_at	2026-04-07T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61407
published_at	2026-04-04T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61404
published_at	2026-05-05T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61452
published_at	2026-05-07T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61457
published_at	2026-04-26T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61442
published_at	2026-04-24T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61455
published_at	2026-04-21T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61471
published_at	2026-04-18T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61467
published_at	2026-04-16T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61428
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://docs.djangoproject.com/en/dev/releases/security/

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/

url

https://docs.djangoproject.com/en/dev/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/

url

https://groups.google.com/g/django-announce

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-48432

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-48432

reference_url

https://www.djangoproject.com/weblog/2025/jun/04/security-releases

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/jun/04/security-releases

reference_url

https://www.djangoproject.com/weblog/2025/jun/04/security-releases/

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/

url

https://www.djangoproject.com/weblog/2025/jun/04/security-releases/

reference_url

https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases

reference_url

http://www.openwall.com/lists/oss-security/2025/06/04/5

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/06/04/5

reference_url

http://www.openwall.com/lists/oss-security/2025/06/10/2

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/06/10/2

reference_url

http://www.openwall.com/lists/oss-security/2025/06/10/3

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/06/10/3

reference_url

http://www.openwall.com/lists/oss-security/2025/06/10/4

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/06/10/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282
reference_id	1107282
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2370365
reference_id	2370365
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2370365

reference_url	https://security.archlinux.org/ASA-202506-6
reference_id	ASA-202506-6
reference_type
scores
url	https://security.archlinux.org/ASA-202506-6

reference_url

https://security.archlinux.org/AVG-2894

reference_id

AVG-2894

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2894

reference_url

https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/

reference_id

bugfix-releases

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/

url

https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/

reference_url

https://github.com/advisories/GHSA-7xr5-9hcq-chf9

reference_id

GHSA-7xr5-9hcq-chf9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7xr5-9hcq-chf9

reference_url	https://access.redhat.com/errata/RHSA-2025:14686
reference_id	RHSA-2025:14686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14686

reference_url	https://access.redhat.com/errata/RHSA-2025:16487
reference_id	RHSA-2025:16487
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16487

reference_url	https://usn.ubuntu.com/7555-1/
reference_id	USN-7555-1
reference_type
scores
url	https://usn.ubuntu.com/7555-1/

fixed_packages

url pkg:pypi/django@4.2.22

purl pkg:pypi/django@4.2.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22

url pkg:pypi/django@5.1.10

purl pkg:pypi/django@5.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10

url pkg:pypi/django@5.2.2

purl pkg:pypi/django@5.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2

aliases BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9

url VCID-8m4b-y4va-kqgm

vulnerability_id VCID-8m4b-y4va-kqgm

summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-43665

reference_id

reference_type

scores

value	0.02194
scoring_system	epss
scoring_elements	0.84423
published_at	2026-04-18T12:55:00Z

value	0.02194
scoring_system	epss
scoring_elements	0.84404
published_at	2026-04-12T12:55:00Z

value	0.02194
scoring_system	epss
scoring_elements	0.844
published_at	2026-04-13T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86189
published_at	2026-05-09T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.8603
published_at	2026-04-02T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.8617
published_at	2026-05-07T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86148
published_at	2026-05-05T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86129
published_at	2026-04-29T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86119
published_at	2026-04-24T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86099
published_at	2026-04-21T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86047
published_at	2026-04-04T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86046
published_at	2026-04-07T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86066
published_at	2026-04-08T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86237
published_at	2026-05-14T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86198
published_at	2026-05-12T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86185
published_at	2026-05-11T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86091
published_at	2026-04-11T12:55:00Z

value	0.0279
scoring_system	epss
scoring_elements	0.86076
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/4.2/releases/security

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/4.2/releases/security

reference_url	https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.2/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473

reference_url

https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8

reference_url

https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml

reference_url

https://groups.google.com/forum/#%21forum/django-announce

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#%21forum/django-announce

reference_url

https://groups.google.com/forum/#!forum/django-announce

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/django-announce

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url

https://security.netapp.com/advisory/ntap-20231221-0001

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231221-0001

reference_url

https://www.djangoproject.com/weblog/2023/oct/04/security-releases

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2023/oct/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2023/oct/04/security-releases/

reference_url

http://www.openwall.com/lists/oss-security/2024/03/04/1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/03/04/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475
reference_id	1053475
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2241046
reference_id	2241046
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2241046

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-43665

reference_id

CVE-2023-43665

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-43665

reference_url

https://github.com/advisories/GHSA-h8gc-pgj2-vjm3

reference_id

GHSA-h8gc-pgj2-vjm3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h8gc-pgj2-vjm3

reference_url	https://access.redhat.com/errata/RHSA-2023:6158
reference_id	RHSA-2023:6158
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6158

reference_url	https://access.redhat.com/errata/RHSA-2024:1878
reference_id	RHSA-2024:1878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1878

reference_url	https://usn.ubuntu.com/6414-1/
reference_id	USN-6414-1
reference_type
scores
url	https://usn.ubuntu.com/6414-1/

reference_url	https://usn.ubuntu.com/6414-2/
reference_id	USN-6414-2
reference_type
scores
url	https://usn.ubuntu.com/6414-2/

fixed_packages

url pkg:pypi/django@4.1.12

purl pkg:pypi/django@4.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-78r4-85ms-63hm

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.12

url pkg:pypi/django@4.2.6

purl pkg:pypi/django@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-3sac-ah8j-pucd

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-78r4-85ms-63hm

vulnerability	VCID-7tph-k8q2-bue2

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-8xgs-8xjr-cber

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jh1e-72hp-fuf4

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-m91a-6235-nye9

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-q12d-kv8p-8ff7

vulnerability	VCID-rmdp-bnjj-zuf2

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-u3zk-tff2-aua9

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-v1xr-z4zu-yfb4

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-wwa5-mhgu-9khz

vulnerability	VCID-xgv1-s2ek-q3dp

vulnerability	VCID-xhpa-mffz-syfy

vulnerability	VCID-ysyp-h7ja-yff3

vulnerability	VCID-z27q-zfpz-ckby

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6

aliases BIT-django-2023-43665, CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8m4b-y4va-kqgm

url VCID-9uzd-mmyv-mfh4

vulnerability_id VCID-9uzd-mmyv-mfh4

summary

Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64459

reference_id

reference_type

scores

value	0.00191
scoring_system	epss
scoring_elements	0.41087
published_at	2026-04-02T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48966
published_at	2026-05-12T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48937
published_at	2026-05-11T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4899
published_at	2026-05-09T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48963
published_at	2026-05-07T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.489
published_at	2026-05-05T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48981
published_at	2026-04-29T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49025
published_at	2026-04-26T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49016
published_at	2026-04-24T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49031
published_at	2026-04-21T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4904
published_at	2026-05-14T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68747
published_at	2026-04-04T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68724
published_at	2026-04-07T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68776
published_at	2026-04-08T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68795
published_at	2026-04-09T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68818
published_at	2026-04-11T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68804
published_at	2026-04-12T12:55:00Z

value	0.00576
scoring_system	epss
scoring_elements	0.68774
published_at	2026-04-13T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.70648
published_at	2026-04-18T12:55:00Z

value	0.00642
scoring_system	epss
scoring_elements	0.7064
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85

reference_url

https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4

reference_url

https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b

reference_url

https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241

reference_url

https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/

url

https://groups.google.com/g/django-announce

reference_url

https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html

reference_url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
reference_id	1120139
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2412651
reference_id	2412651
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2412651

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
reference_id	CVE-2025-64459
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64459

reference_id

CVE-2025-64459

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64459

reference_url

https://github.com/advisories/GHSA-frmv-pr5f-9mcr

reference_id

GHSA-frmv-pr5f-9mcr

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-frmv-pr5f-9mcr

reference_url	https://access.redhat.com/errata/RHSA-2025:23069
reference_id	RHSA-2025:23069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23069

reference_url	https://access.redhat.com/errata/RHSA-2025:23070
reference_id	RHSA-2025:23070
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23070

reference_url	https://access.redhat.com/errata/RHSA-2025:23130
reference_id	RHSA-2025:23130
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23130

reference_url	https://access.redhat.com/errata/RHSA-2025:23131
reference_id	RHSA-2025:23131
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23131

reference_url	https://access.redhat.com/errata/RHSA-2025:23133
reference_id	RHSA-2025:23133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23133

reference_url	https://access.redhat.com/errata/RHSA-2025:23196
reference_id	RHSA-2025:23196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23196

reference_url	https://access.redhat.com/errata/RHSA-2026:1596
reference_id	RHSA-2026:1596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1596

reference_url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases/

reference_id

security-releases

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/

url

https://www.djangoproject.com/weblog/2025/nov/05/security-releases/

reference_url	https://usn.ubuntu.com/7859-1/
reference_id	USN-7859-1
reference_type
scores
url	https://usn.ubuntu.com/7859-1/

fixed_packages

url pkg:pypi/django@4.2.26

purl pkg:pypi/django@4.2.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26

url pkg:pypi/django@5.1.14

purl pkg:pypi/django@5.1.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14

url pkg:pypi/django@5.2.8

purl pkg:pypi/django@5.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8

url pkg:pypi/django@6.0a1

purl pkg:pypi/django@6.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0a1

aliases CVE-2025-64459, GHSA-frmv-pr5f-9mcr

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4

url VCID-e2jd-yd4j-kqgt

vulnerability_id VCID-e2jd-yd4j-kqgt

summary

Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45231

reference_id

reference_type

scores

value	0.00235
scoring_system	epss
scoring_elements	0.46339
published_at	2026-05-14T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46267
published_at	2026-05-12T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46235
published_at	2026-05-11T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46294
published_at	2026-05-09T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46273
published_at	2026-05-07T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46207
published_at	2026-05-05T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46302
published_at	2026-04-29T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46354
published_at	2026-04-26T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46342
published_at	2026-04-24T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.4636
published_at	2026-04-21T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46415
published_at	2026-04-18T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46299
published_at	2026-04-07T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46351
published_at	2026-04-04T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46331
published_at	2026-04-02T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46418
published_at	2026-04-16T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46361
published_at	2026-04-13T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.4635
published_at	2026-04-12T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46379
published_at	2026-04-11T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46355
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca

reference_url

https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2

reference_url

https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199

reference_url

https://groups.google.com/forum/#%21forum/django-announce

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/

url

https://groups.google.com/forum/#%21forum/django-announce

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45231

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45231

reference_url

https://www.djangoproject.com/weblog/2024/sep/03/security-releases

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2024/sep/03/security-releases

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2314496
reference_id	2314496
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2314496

reference_url

https://github.com/advisories/GHSA-rrqc-c2jx-6jgv

reference_id

GHSA-rrqc-c2jx-6jgv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rrqc-c2jx-6jgv

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://usn.ubuntu.com/6987-1/
reference_id	USN-6987-1
reference_type
scores
url	https://usn.ubuntu.com/6987-1/

fixed_packages

url pkg:pypi/django@4.2.16

purl pkg:pypi/django@4.2.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-3sac-ah8j-pucd

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-rmdp-bnjj-zuf2

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-wwa5-mhgu-9khz

vulnerability	VCID-xgv1-s2ek-q3dp

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16

url pkg:pypi/django@5.0.9

purl pkg:pypi/django@5.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3sac-ah8j-pucd

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-rmdp-bnjj-zuf2

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-wwa5-mhgu-9khz

vulnerability	VCID-xgv1-s2ek-q3dp

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9

url pkg:pypi/django@5.1.1

purl pkg:pypi/django@5.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3sac-ah8j-pucd

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-p9fd-1qx2-8ubc

vulnerability	VCID-rmdp-bnjj-zuf2

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-wwa5-mhgu-9khz

vulnerability	VCID-xgv1-s2ek-q3dp

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1

aliases CVE-2024-45231, GHSA-rrqc-c2jx-6jgv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt

url VCID-w4pr-k5nj-ckgy

vulnerability_id VCID-w4pr-k5nj-ckgy

summary

Django is subject to SQL injection through its column aliases
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-57833

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05706
published_at	2026-04-21T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0579
published_at	2026-05-05T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05784
published_at	2026-04-29T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05777
published_at	2026-04-26T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0574
published_at	2026-04-24T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05549
published_at	2026-04-18T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05535
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05586
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05593
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05603
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05631
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05867
published_at	2026-05-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05798
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05868
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05828
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05834
published_at	2026-04-04T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06544
published_at	2026-05-14T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06527
published_at	2026-05-12T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06514
published_at	2026-05-11T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06504
published_at	2026-05-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

reference_url

https://docs.djangoproject.com/en/dev/releases/security

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/dev/releases/security

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5

reference_url

https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92

reference_url

https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243

reference_url

https://groups.google.com/g/django-announce

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/

url

https://groups.google.com/g/django-announce

reference_url

https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html

reference_url

https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/

url

https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-57833

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-57833

reference_url

https://www.djangoproject.com/weblog/2025/sep/03/security-releases

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2025/sep/03/security-releases

reference_url

http://www.openwall.com/lists/oss-security/2025/09/03/3

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/09/03/3

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865
reference_id	1113865
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2392990
reference_id	2392990
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2392990

reference_url

https://github.com/advisories/GHSA-6w2r-r2m5-xq5w

reference_id

GHSA-6w2r-r2m5-xq5w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6w2r-r2m5-xq5w

reference_url	https://access.redhat.com/errata/RHSA-2025:16403
reference_id	RHSA-2025:16403
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16403

reference_url	https://access.redhat.com/errata/RHSA-2025:16404
reference_id	RHSA-2025:16404
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16404

reference_url	https://access.redhat.com/errata/RHSA-2025:16487
reference_id	RHSA-2025:16487
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16487

reference_url	https://access.redhat.com/errata/RHSA-2025:16514
reference_id	RHSA-2025:16514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16514

reference_url	https://access.redhat.com/errata/RHSA-2025:17498
reference_id	RHSA-2025:17498
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17498

reference_url	https://access.redhat.com/errata/RHSA-2025:17499
reference_id	RHSA-2025:17499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17499

reference_url	https://access.redhat.com/errata/RHSA-2025:17500
reference_id	RHSA-2025:17500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17500

reference_url	https://access.redhat.com/errata/RHSA-2025:17606
reference_id	RHSA-2025:17606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17606

reference_url	https://access.redhat.com/errata/RHSA-2025:17613
reference_id	RHSA-2025:17613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17613

reference_url	https://access.redhat.com/errata/RHSA-2025:17614
reference_id	RHSA-2025:17614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17614

reference_url

https://www.djangoproject.com/weblog/2025/sep/03/security-releases/

reference_id

security-releases

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/

url

https://www.djangoproject.com/weblog/2025/sep/03/security-releases/

reference_url	https://usn.ubuntu.com/7736-1/
reference_id	USN-7736-1
reference_type
scores
url	https://usn.ubuntu.com/7736-1/

fixed_packages

url pkg:pypi/django@4.2.24

purl pkg:pypi/django@4.2.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24

url pkg:pypi/django@5.1.12

purl pkg:pypi/django@5.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.12

url pkg:pypi/django@5.2.6

purl pkg:pypi/django@5.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-ysyp-h7ja-yff3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6

aliases CVE-2025-57833, GHSA-6w2r-r2m5-xq5w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy

url VCID-wz1q-1tjp-4qhw

vulnerability_id VCID-wz1q-1tjp-4qhw

summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-36053

reference_id

reference_type

scores

value	0.09595
scoring_system	epss
scoring_elements	0.92959
published_at	2026-05-14T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92936
published_at	2026-05-12T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92891
published_at	2026-04-21T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92928
published_at	2026-05-11T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92925
published_at	2026-05-09T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92886
published_at	2026-04-18T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92884
published_at	2026-04-16T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92875
published_at	2026-04-13T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.9287
published_at	2026-04-09T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92866
published_at	2026-04-08T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92857
published_at	2026-04-07T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92859
published_at	2026-04-04T12:55:00Z

value	0.09595
scoring_system	epss
scoring_elements	0.92856
published_at	2026-04-02T12:55:00Z

value	0.0983
scoring_system	epss
scoring_elements	0.93
published_at	2026-04-24T12:55:00Z

value	0.0983
scoring_system	epss
scoring_elements	0.93018
published_at	2026-05-07T12:55:00Z

value	0.0983
scoring_system	epss
scoring_elements	0.93002
published_at	2026-05-05T12:55:00Z

value	0.0983
scoring_system	epss
scoring_elements	0.92996
published_at	2026-04-29T12:55:00Z

value	0.0983
scoring_system	epss
scoring_elements	0.93001
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-36053

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36053
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36053

reference_url

https://docs.djangoproject.com/en/4.2/releases/security

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/4.2/releases/security

reference_url

https://docs.djangoproject.com/en/4.2/releases/security/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/

url

https://docs.djangoproject.com/en/4.2/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582

reference_url

https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd

reference_url

https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9

reference_url

https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml

reference_url

https://groups.google.com/forum/#%21forum/django-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/

url

https://groups.google.com/forum/#%21forum/django-announce

reference_url

https://groups.google.com/forum/#!forum/django-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/django-announce

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_url

https://www.debian.org/security/2023/dsa-5465

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/

url

https://www.debian.org/security/2023/dsa-5465

reference_url

https://www.djangoproject.com/weblog/2023/jul/03/security-releases

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2023/jul/03/security-releases

reference_url

https://www.djangoproject.com/weblog/2023/jul/03/security-releases/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/

url

https://www.djangoproject.com/weblog/2023/jul/03/security-releases/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040225
reference_id	1040225
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040225

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2218004
reference_id	2218004
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2218004

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-36053

reference_id

CVE-2023-36053

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-36053

reference_url

https://github.com/advisories/GHSA-jh3w-4vvf-mjgr

reference_id

GHSA-jh3w-4vvf-mjgr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jh3w-4vvf-mjgr

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/

reference_id

NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/

reference_url	https://access.redhat.com/errata/RHSA-2023:4692
reference_id	RHSA-2023:4692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4692

reference_url	https://access.redhat.com/errata/RHSA-2023:4693
reference_id	RHSA-2023:4693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4693

reference_url	https://access.redhat.com/errata/RHSA-2023:5931
reference_id	RHSA-2023:5931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5931

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

reference_url	https://access.redhat.com/errata/RHSA-2024:0212
reference_id	RHSA-2024:0212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0212

reference_url	https://access.redhat.com/errata/RHSA-2024:1878
reference_id	RHSA-2024:1878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1878

reference_url	https://usn.ubuntu.com/6203-1/
reference_id	USN-6203-1
reference_type
scores
url	https://usn.ubuntu.com/6203-1/

reference_url	https://usn.ubuntu.com/6203-2/
reference_id	USN-6203-2
reference_type
scores
url	https://usn.ubuntu.com/6203-2/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/

reference_id

XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/

reference_id

ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/

fixed_packages

url pkg:pypi/django@4.1.10

purl pkg:pypi/django@4.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ztz-fq98-5fh1

vulnerability	VCID-78r4-85ms-63hm

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8m4b-y4va-kqgm

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-w4pr-k5nj-ckgy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.10

url pkg:pypi/django@4.2.3

purl pkg:pypi/django@4.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-28g3-ubx6-ebff

vulnerability	VCID-2tfv-rtq7-2fg9

vulnerability	VCID-3sac-ah8j-pucd

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-4ztz-fq98-5fh1

vulnerability	VCID-78r4-85ms-63hm

vulnerability	VCID-7tph-k8q2-bue2

vulnerability	VCID-84mm-45p6-xkau

vulnerability	VCID-896g-hqec-ryb9

vulnerability	VCID-8m4b-y4va-kqgm

vulnerability	VCID-8qu1-45n9-gyb1

vulnerability	VCID-8xgs-8xjr-cber

vulnerability	VCID-9abh-apwm-ebab

vulnerability	VCID-9uzd-mmyv-mfh4

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-c6xy-v4sf-u3hn

vulnerability	VCID-e2jd-yd4j-kqgt

vulnerability	VCID-e87q-1j8h-93hh

vulnerability	VCID-e9k9-1s9f-dbgv

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jh1e-72hp-fuf4

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-m91a-6235-nye9

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-msge-1mfu-7qfa

vulnerability	VCID-mux4-uv98-hbbw

vulnerability	VCID-nda7-9219-6kce

vulnerability	VCID-q12d-kv8p-8ff7

vulnerability	VCID-rmdp-bnjj-zuf2

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-u3zk-tff2-aua9

vulnerability	VCID-ukkt-wgau-t3et

vulnerability	VCID-v1xr-z4zu-yfb4

vulnerability	VCID-vwt9-q3dt-vbfg

vulnerability	VCID-w4pr-k5nj-ckgy

vulnerability	VCID-wwa5-mhgu-9khz

vulnerability	VCID-xgv1-s2ek-q3dp

vulnerability	VCID-xhpa-mffz-syfy

vulnerability	VCID-ysyp-h7ja-yff3

vulnerability	VCID-z27q-zfpz-ckby

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3

aliases BIT-django-2023-36053, CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz1q-1tjp-4qhw

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.1.8

Package Instance