| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-1adz-zw3h-pqek |
| vulnerability_id |
VCID-1adz-zw3h-pqek |
| summary |
|
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-3902 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03064 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03093 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03049 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03059 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03077 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.03055 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03817 |
| published_at |
2026-05-12T12:55:00Z |
|
| 7 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03812 |
| published_at |
2026-05-11T12:55:00Z |
|
| 8 |
| value |
0.00016 |
| scoring_system |
epss |
| scoring_elements |
0.03852 |
| published_at |
2026-05-14T12:55:00Z |
|
| 9 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10749 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10679 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10717 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10735 |
| published_at |
2026-04-09T12:55:00Z |
|
| 13 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14623 |
| published_at |
2026-04-13T12:55:00Z |
|
| 14 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14514 |
| published_at |
2026-04-16T12:55:00Z |
|
| 15 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14521 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-3902 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-3902, GHSA-mvfq-ggxm-9mc5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1adz-zw3h-pqek |
|
| 1 |
| url |
VCID-28g3-ubx6-ebff |
| vulnerability_id |
VCID-28g3-ubx6-ebff |
| summary |
Django has Inefficient Algorithmic Complexity
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1285 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.19968 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20187 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20125 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20106 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20047 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00064 |
| scoring_system |
epss |
| scoring_elements |
0.20242 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20551 |
| published_at |
2026-05-07T12:55:00Z |
|
| 7 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20587 |
| published_at |
2026-04-29T12:55:00Z |
|
| 8 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20638 |
| published_at |
2026-05-09T12:55:00Z |
|
| 9 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20481 |
| published_at |
2026-05-05T12:55:00Z |
|
| 10 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20622 |
| published_at |
2026-04-26T12:55:00Z |
|
| 11 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20626 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20742 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20754 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20761 |
| published_at |
2026-04-16T12:55:00Z |
|
| 15 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20771 |
| published_at |
2026-04-13T12:55:00Z |
|
| 16 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20824 |
| published_at |
2026-04-12T12:55:00Z |
|
| 17 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.2071 |
| published_at |
2026-05-14T12:55:00Z |
|
| 18 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20628 |
| published_at |
2026-05-12T12:55:00Z |
|
| 19 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20613 |
| published_at |
2026-05-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1285 |
|
| 7 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-1285, GHSA-4rrr-2h4v-f3j9
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-28g3-ubx6-ebff |
|
| 2 |
| url |
VCID-2tfv-rtq7-2fg9 |
| vulnerability_id |
VCID-2tfv-rtq7-2fg9 |
| summary |
Django has Observable Timing Discrepancy
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13473 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.08681 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.08755 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.0873 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.08653 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.08729 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10482 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10759 |
| published_at |
2026-05-14T12:55:00Z |
|
| 7 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10709 |
| published_at |
2026-05-12T12:55:00Z |
|
| 8 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10667 |
| published_at |
2026-05-11T12:55:00Z |
|
| 9 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10685 |
| published_at |
2026-05-09T12:55:00Z |
|
| 10 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10619 |
| published_at |
2026-05-07T12:55:00Z |
|
| 11 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10648 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10623 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10488 |
| published_at |
2026-04-16T12:55:00Z |
|
| 14 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10506 |
| published_at |
2026-04-18T12:55:00Z |
|
| 15 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10631 |
| published_at |
2026-04-21T12:55:00Z |
|
| 16 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10579 |
| published_at |
2026-04-24T12:55:00Z |
|
| 17 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10578 |
| published_at |
2026-04-26T12:55:00Z |
|
| 18 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10525 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13473 |
|
| 6 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-13473, GHSA-2mcm-79hx-8fxw
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| url |
VCID-3sac-ah8j-pucd |
| vulnerability_id |
VCID-3sac-ah8j-pucd |
| summary |
Django SQL injection in HasKey(lhs, rhs) on Oracle
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.) |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53908 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.71745 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.71795 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.71791 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.71741 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.71759 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.71753 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.7171 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.71679 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.71697 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.7167 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.71709 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.7172 |
| published_at |
2026-04-09T12:55:00Z |
|
| 12 |
| value |
0.00687 |
| scoring_system |
epss |
| scoring_elements |
0.71728 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76244 |
| published_at |
2026-05-07T12:55:00Z |
|
| 14 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76215 |
| published_at |
2026-05-05T12:55:00Z |
|
| 15 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76205 |
| published_at |
2026-04-29T12:55:00Z |
|
| 16 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76318 |
| published_at |
2026-05-14T12:55:00Z |
|
| 17 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76268 |
| published_at |
2026-05-12T12:55:00Z |
|
| 18 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76253 |
| published_at |
2026-05-11T12:55:00Z |
|
| 19 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76267 |
| published_at |
2026-05-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53908 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
7.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
7.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-06T16:19:13Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.17 |
| purl |
pkg:pypi/django@4.2.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 7 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 10 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 11 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 12 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 13 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 14 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 15 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 16 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 17 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 18 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 19 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 20 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 23 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17 |
|
| 2 |
| url |
pkg:pypi/django@5.1.4 |
| purl |
pkg:pypi/django@5.1.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 1 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 2 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 5 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 6 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 7 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 8 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 9 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 11 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4 |
|
|
| aliases |
BIT-django-2024-53908, CVE-2024-53908, GHSA-m9g8-fxxm-xg86, PYSEC-2024-157
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3sac-ah8j-pucd |
|
| 4 |
| url |
VCID-46pv-pzsu-jucd |
| vulnerability_id |
VCID-46pv-pzsu-jucd |
| summary |
|
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-4292 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01049 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01934 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02007 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02021 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01936 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01977 |
| published_at |
2026-05-07T12:55:00Z |
|
| 6 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01984 |
| published_at |
2026-05-05T12:55:00Z |
|
| 7 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02034 |
| published_at |
2026-04-29T12:55:00Z |
|
| 8 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02003 |
| published_at |
2026-04-26T12:55:00Z |
|
| 9 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02606 |
| published_at |
2026-05-12T12:55:00Z |
|
| 10 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02629 |
| published_at |
2026-05-14T12:55:00Z |
|
| 11 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02603 |
| published_at |
2026-05-11T12:55:00Z |
|
| 12 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00667 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00676 |
| published_at |
2026-04-08T12:55:00Z |
|
| 14 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00661 |
| published_at |
2026-04-12T12:55:00Z |
|
| 15 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00668 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-4292 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-4292, GHSA-mmwr-2jhp-mc7j
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-46pv-pzsu-jucd |
|
| 5 |
| url |
VCID-4ztz-fq98-5fh1 |
| vulnerability_id |
VCID-4ztz-fq98-5fh1 |
| summary |
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-41164 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61202 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61025 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61143 |
| published_at |
2026-05-12T12:55:00Z |
|
| 3 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61116 |
| published_at |
2026-05-11T12:55:00Z |
|
| 4 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61154 |
| published_at |
2026-05-09T12:55:00Z |
|
| 5 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61095 |
| published_at |
2026-05-07T12:55:00Z |
|
| 6 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61045 |
| published_at |
2026-05-05T12:55:00Z |
|
| 7 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61097 |
| published_at |
2026-04-29T12:55:00Z |
|
| 8 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61092 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61053 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61019 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61067 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 13 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61104 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.6109 |
| published_at |
2026-04-12T12:55:00Z |
|
| 15 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61103 |
| published_at |
2026-04-21T12:55:00Z |
|
| 16 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.6112 |
| published_at |
2026-04-18T12:55:00Z |
|
| 17 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61113 |
| published_at |
2026-04-16T12:55:00Z |
|
| 18 |
| value |
0.00406 |
| scoring_system |
epss |
| scoring_elements |
0.61071 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-41164 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.5 |
| purl |
pkg:pypi/django@4.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 6 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 7 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 8 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 9 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 10 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 11 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 12 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 13 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 14 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 15 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 16 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 17 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 18 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 19 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 20 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 21 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 22 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 23 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 24 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 25 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 26 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 27 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 28 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 29 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 30 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 31 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 32 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 33 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 34 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 35 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 36 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 37 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 38 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 39 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 40 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.5 |
|
|
| aliases |
BIT-django-2023-41164, CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4ztz-fq98-5fh1 |
|
| 6 |
| url |
VCID-78r4-85ms-63hm |
| vulnerability_id |
VCID-78r4-85ms-63hm |
| summary |
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-46695 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87868 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.877 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87836 |
| published_at |
2026-05-12T12:55:00Z |
|
| 3 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87822 |
| published_at |
2026-05-11T12:55:00Z |
|
| 4 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87825 |
| published_at |
2026-05-09T12:55:00Z |
|
| 5 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87807 |
| published_at |
2026-05-07T12:55:00Z |
|
| 6 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87792 |
| published_at |
2026-05-05T12:55:00Z |
|
| 7 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87714 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87752 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87741 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87735 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87778 |
| published_at |
2026-04-29T12:55:00Z |
|
| 12 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.8778 |
| published_at |
2026-04-26T12:55:00Z |
|
| 13 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87774 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87712 |
| published_at |
2026-04-04T12:55:00Z |
|
| 15 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87757 |
| published_at |
2026-04-21T12:55:00Z |
|
| 16 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87758 |
| published_at |
2026-04-18T12:55:00Z |
|
| 17 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87759 |
| published_at |
2026-04-16T12:55:00Z |
|
| 18 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87745 |
| published_at |
2026-04-13T12:55:00Z |
|
| 19 |
| value |
0.03582 |
| scoring_system |
epss |
| scoring_elements |
0.87746 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-46695 |
|
| 5 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.7 |
| purl |
pkg:pypi/django@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 11 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 12 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 13 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 16 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 17 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 18 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 19 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 20 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 21 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 22 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 23 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 24 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 25 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 26 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 27 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 28 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 29 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 30 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 31 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 32 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 33 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 34 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 35 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 36 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 37 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 38 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.7 |
|
|
| aliases |
BIT-django-2023-46695, CVE-2023-46695, GHSA-qmf9-6jqf-j8fq, PYSEC-2023-222 |
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-78r4-85ms-63hm |
|
| 7 |
| url |
VCID-7tph-k8q2-bue2 |
| vulnerability_id |
VCID-7tph-k8q2-bue2 |
| summary |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41991 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.76007 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75957 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75855 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75813 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.7582 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75839 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75815 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75803 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.7577 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75792 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75759 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75943 |
| published_at |
2026-05-11T12:55:00Z |
|
| 12 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75959 |
| published_at |
2026-05-09T12:55:00Z |
|
| 13 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75936 |
| published_at |
2026-05-07T12:55:00Z |
|
| 14 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75906 |
| published_at |
2026-05-05T12:55:00Z |
|
| 15 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75899 |
| published_at |
2026-04-29T12:55:00Z |
|
| 16 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75887 |
| published_at |
2026-04-26T12:55:00Z |
|
| 17 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75878 |
| published_at |
2026-04-24T12:55:00Z |
|
| 18 |
| value |
0.0091 |
| scoring_system |
epss |
| scoring_elements |
0.75851 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41991 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.15 |
| purl |
pkg:pypi/django@4.2.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 8 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 11 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 14 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 15 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 16 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 17 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 18 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 19 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 20 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 21 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 22 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 23 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 24 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 27 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 28 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15 |
|
| 1 |
| url |
pkg:pypi/django@5.0.8 |
| purl |
pkg:pypi/django@5.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 5 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 6 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 7 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 8 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 11 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8 |
|
|
| aliases |
BIT-django-2024-41991, CVE-2024-41991, GHSA-r836-hh6v-rg5g, PYSEC-2024-69 |
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7tph-k8q2-bue2 |
|
| 8 |
| url |
VCID-84mm-45p6-xkau |
| vulnerability_id |
VCID-84mm-45p6-xkau |
| summary |
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64458 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05417 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05432 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05438 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05452 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.0548 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05459 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05424 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06629 |
| published_at |
2026-04-29T12:55:00Z |
|
| 8 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06633 |
| published_at |
2026-04-26T12:55:00Z |
|
| 9 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06618 |
| published_at |
2026-04-24T12:55:00Z |
|
| 10 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06603 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06454 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06443 |
| published_at |
2026-04-16T12:55:00Z |
|
| 13 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06902 |
| published_at |
2026-05-14T12:55:00Z |
|
| 14 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06846 |
| published_at |
2026-05-11T12:55:00Z |
|
| 15 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06843 |
| published_at |
2026-05-09T12:55:00Z |
|
| 16 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06777 |
| published_at |
2026-05-07T12:55:00Z |
|
| 17 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06649 |
| published_at |
2026-05-05T12:55:00Z |
|
| 18 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.06864 |
| published_at |
2026-05-12T12:55:00Z |
|
| 19 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07235 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64458 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.26 |
| purl |
pkg:pypi/django@4.2.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 7 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 8 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 9 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 12 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 13 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 14 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 7 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 8 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 9 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 12 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 13 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 14 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
|
| aliases |
CVE-2025-64458, GHSA-qw25-v68c-qjf3 |
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84mm-45p6-xkau |
|
| 9 |
| url |
VCID-896g-hqec-ryb9 |
| vulnerability_id |
VCID-896g-hqec-ryb9 |
| summary |
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61555 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61502 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61474 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61512 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61378 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61446 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.6146 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61423 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61377 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61407 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61404 |
| published_at |
2026-05-05T12:55:00Z |
|
| 12 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61452 |
| published_at |
2026-05-07T12:55:00Z |
|
| 13 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61457 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61442 |
| published_at |
2026-04-24T12:55:00Z |
|
| 15 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61455 |
| published_at |
2026-04-21T12:55:00Z |
|
| 16 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61471 |
| published_at |
2026-04-18T12:55:00Z |
|
| 17 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61467 |
| published_at |
2026-04-16T12:55:00Z |
|
| 18 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61428 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.22 |
| purl |
pkg:pypi/django@4.2.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 8 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 9 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 10 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 11 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 12 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 13 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 14 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 15 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 16 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 17 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22 |
|
| 2 |
| url |
pkg:pypi/django@5.2.2 |
| purl |
pkg:pypi/django@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 8 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 9 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 10 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 11 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 12 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 13 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 14 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 15 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 16 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 17 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2 |
|
|
| aliases |
BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47 |
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9 |
|
| 10 |
| url |
VCID-8m4b-y4va-kqgm |
| vulnerability_id |
VCID-8m4b-y4va-kqgm |
| summary |
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-43665 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.84423 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.84404 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.02194 |
| scoring_system |
epss |
| scoring_elements |
0.844 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86189 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.8603 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.8617 |
| published_at |
2026-05-07T12:55:00Z |
|
| 6 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86148 |
| published_at |
2026-05-05T12:55:00Z |
|
| 7 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86129 |
| published_at |
2026-04-29T12:55:00Z |
|
| 8 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86119 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86099 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86047 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86046 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86066 |
| published_at |
2026-04-08T12:55:00Z |
|
| 13 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86237 |
| published_at |
2026-05-14T12:55:00Z |
|
| 14 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86198 |
| published_at |
2026-05-12T12:55:00Z |
|
| 15 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86185 |
| published_at |
2026-05-11T12:55:00Z |
|
| 16 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86091 |
| published_at |
2026-04-11T12:55:00Z |
|
| 17 |
| value |
0.0279 |
| scoring_system |
epss |
| scoring_elements |
0.86076 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-43665 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.6 |
| purl |
pkg:pypi/django@4.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 6 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 7 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 8 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 9 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 10 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 11 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 12 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 13 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 14 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 15 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 16 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 17 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 18 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 19 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 20 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 21 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 22 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 23 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 24 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 25 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 26 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 27 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 28 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 29 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 30 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 31 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 32 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 33 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 34 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 35 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 36 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 37 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 38 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 39 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.6 |
|
|
| aliases |
BIT-django-2023-43665, CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226 |
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8m4b-y4va-kqgm |
|
| 11 |
| url |
VCID-8qu1-45n9-gyb1 |
| vulnerability_id |
VCID-8qu1-45n9-gyb1 |
| summary |
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue. |
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1287 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01069 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01067 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01072 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01079 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01084 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01536 |
| published_at |
2026-05-05T12:55:00Z |
|
| 7 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01549 |
| published_at |
2026-04-29T12:55:00Z |
|
| 8 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01539 |
| published_at |
2026-04-26T12:55:00Z |
|
| 9 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01541 |
| published_at |
2026-04-24T12:55:00Z |
|
| 10 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01534 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01446 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01529 |
| published_at |
2026-05-14T12:55:00Z |
|
| 13 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01433 |
| published_at |
2026-04-16T12:55:00Z |
|
| 14 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01517 |
| published_at |
2026-05-12T12:55:00Z |
|
| 15 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01521 |
| published_at |
2026-05-11T12:55:00Z |
|
| 16 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01523 |
| published_at |
2026-05-09T12:55:00Z |
|
| 17 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.0153 |
| published_at |
2026-05-07T12:55:00Z |
|
| 18 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01443 |
| published_at |
2026-04-12T12:55:00Z |
|
| 19 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01444 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1287 |
|
| 7 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-1287, GHSA-gvg8-93h5-g6qq |
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8qu1-45n9-gyb1 |
|
| 12 |
| url |
VCID-8xgs-8xjr-cber |
| vulnerability_id |
VCID-8xgs-8xjr-cber |
| summary |
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-24680 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80573 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80532 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80515 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.8052 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80501 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80478 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80463 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80446 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80439 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80413 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.8041 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80408 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80379 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80386 |
| published_at |
2026-04-12T12:55:00Z |
|
| 14 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80402 |
| published_at |
2026-04-11T12:55:00Z |
|
| 15 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80383 |
| published_at |
2026-04-09T12:55:00Z |
|
| 16 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80372 |
| published_at |
2026-04-08T12:55:00Z |
|
| 17 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80343 |
| published_at |
2026-04-07T12:55:00Z |
|
| 18 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80355 |
| published_at |
2026-04-04T12:55:00Z |
|
| 19 |
| value |
0.01394 |
| scoring_system |
epss |
| scoring_elements |
0.80335 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-24680 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.10 |
| purl |
pkg:pypi/django@4.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 10 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 12 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 15 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 19 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 20 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 21 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 22 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 23 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 24 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 25 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 26 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 27 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 28 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 29 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 30 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 31 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 32 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 33 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 34 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 35 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 36 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 37 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10 |
|
| 1 |
| url |
pkg:pypi/django@5.0.2 |
| purl |
pkg:pypi/django@5.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 8 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 9 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 10 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 11 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 12 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 13 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 14 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 15 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 18 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 19 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 20 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2 |
|
|
| aliases |
BIT-django-2024-24680, CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgs-8xjr-cber |
|
| 13 |
| url |
VCID-9abh-apwm-ebab |
| vulnerability_id |
VCID-9abh-apwm-ebab |
| summary |
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-32873 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37674 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.3732 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.3734 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37692 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37577 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37659 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37613 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37717 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37596 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37647 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37661 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37641 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.3717 |
| published_at |
2026-05-14T12:55:00Z |
|
| 13 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37092 |
| published_at |
2026-05-12T12:55:00Z |
|
| 14 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.3712 |
| published_at |
2026-05-11T12:55:00Z |
|
| 15 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.372 |
| published_at |
2026-05-09T12:55:00Z |
|
| 16 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37181 |
| published_at |
2026-05-07T12:55:00Z |
|
| 17 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37114 |
| published_at |
2026-05-05T12:55:00Z |
|
| 18 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.3723 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-32873 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.21 |
| purl |
pkg:pypi/django@4.2.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 9 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 10 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 11 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 12 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 13 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 14 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 15 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 16 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 17 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 18 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 19 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 20 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.21 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.1 |
| purl |
pkg:pypi/django@5.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 9 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 10 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 11 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 12 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 13 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 14 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 15 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 16 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 17 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 18 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 19 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 20 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.1 |
|
|
| aliases |
BIT-django-2025-32873, CVE-2025-32873, GHSA-8j24-cjrq-gr2m, PYSEC-2025-37
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9abh-apwm-ebab |
|
| 14 |
| url |
VCID-9uzd-mmyv-mfh4 |
| vulnerability_id |
VCID-9uzd-mmyv-mfh4 |
| summary |
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00191 |
| scoring_system |
epss |
| scoring_elements |
0.41087 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.48966 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.48937 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.4899 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.48963 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.489 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.48981 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.49025 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.49016 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.49031 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00256 |
| scoring_system |
epss |
| scoring_elements |
0.4904 |
| published_at |
2026-05-14T12:55:00Z |
|
| 11 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68747 |
| published_at |
2026-04-04T12:55:00Z |
|
| 12 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68724 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68776 |
| published_at |
2026-04-08T12:55:00Z |
|
| 14 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68795 |
| published_at |
2026-04-09T12:55:00Z |
|
| 15 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68818 |
| published_at |
2026-04-11T12:55:00Z |
|
| 16 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68804 |
| published_at |
2026-04-12T12:55:00Z |
|
| 17 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68774 |
| published_at |
2026-04-13T12:55:00Z |
|
| 18 |
| value |
0.00642 |
| scoring_system |
epss |
| scoring_elements |
0.70648 |
| published_at |
2026-04-18T12:55:00Z |
|
| 19 |
| value |
0.00642 |
| scoring_system |
epss |
| scoring_elements |
0.7064 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.26 |
| purl |
pkg:pypi/django@4.2.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 7 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 8 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 9 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 12 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 13 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 14 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 7 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 8 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 9 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 12 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 13 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 14 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
CVE-2025-64459, GHSA-frmv-pr5f-9mcr
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4 |
|
| 15 |
| url |
VCID-ac4c-321h-tqfk |
| vulnerability_id |
VCID-ac4c-321h-tqfk |
| summary |
Django has a Race Condition vulnerability
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.
Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-25674 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01091 |
| published_at |
2026-05-11T12:55:00Z |
|
| 1 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01098 |
| published_at |
2026-05-14T12:55:00Z |
|
| 2 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01086 |
| published_at |
2026-05-12T12:55:00Z |
|
| 3 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01096 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01391 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01387 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01377 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01289 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01297 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01303 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01319 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01316 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01299 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01311 |
| published_at |
2026-04-07T12:55:00Z |
|
| 14 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01369 |
| published_at |
2026-05-09T12:55:00Z |
|
| 15 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01372 |
| published_at |
2026-05-07T12:55:00Z |
|
| 16 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01379 |
| published_at |
2026-05-05T12:55:00Z |
|
| 17 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01389 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-25674 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-25674, GHSA-mjgh-79qc-68w3
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ac4c-321h-tqfk |
|
| 16 |
| url |
VCID-c6xy-v4sf-u3hn |
| vulnerability_id |
VCID-c6xy-v4sf-u3hn |
| summary |
Django vulnerable to partial directory traversal via archives
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59682 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05234 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05433 |
| published_at |
2026-04-26T12:55:00Z |
|
| 2 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05391 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05353 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05198 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05196 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05251 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05265 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05204 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05279 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05314 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05294 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05258 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06174 |
| published_at |
2026-05-14T12:55:00Z |
|
| 14 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06165 |
| published_at |
2026-05-12T12:55:00Z |
|
| 15 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06147 |
| published_at |
2026-05-09T12:55:00Z |
|
| 16 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06081 |
| published_at |
2026-05-07T12:55:00Z |
|
| 17 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.06163 |
| published_at |
2026-05-11T12:55:00Z |
|
| 18 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.0623 |
| published_at |
2026-04-29T12:55:00Z |
|
| 19 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06247 |
| published_at |
2026-05-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59682 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.25 |
| purl |
pkg:pypi/django@4.2.25 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 8 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 9 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 10 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 11 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 12 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 13 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 14 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 15 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 16 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.25 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
pkg:pypi/django@5.2a1 |
| purl |
pkg:pypi/django@5.2a1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 6 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2a1 |
|
| 4 |
| url |
pkg:pypi/django@5.2.7 |
| purl |
pkg:pypi/django@5.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 8 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 9 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 10 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 11 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 12 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 13 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 14 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 15 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 16 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.7 |
|
| 5 |
|
|
| aliases |
CVE-2025-59682, GHSA-q95w-c7qg-hrff
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c6xy-v4sf-u3hn |
|
| 17 |
| url |
VCID-e2jd-yd4j-kqgt |
| vulnerability_id |
VCID-e2jd-yd4j-kqgt |
| summary |
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46339 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46267 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46235 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46294 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46273 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46207 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46302 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46354 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46342 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.4636 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46415 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46299 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46351 |
| published_at |
2026-04-04T12:55:00Z |
|
| 13 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46331 |
| published_at |
2026-04-02T12:55:00Z |
|
| 14 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46418 |
| published_at |
2026-04-16T12:55:00Z |
|
| 15 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46361 |
| published_at |
2026-04-13T12:55:00Z |
|
| 16 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.4635 |
| published_at |
2026-04-12T12:55:00Z |
|
| 17 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46379 |
| published_at |
2026-04-11T12:55:00Z |
|
| 18 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46355 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.16 |
| purl |
pkg:pypi/django@4.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 8 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 11 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 12 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 13 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 14 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 15 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 16 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 17 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 18 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 19 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 20 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 21 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 22 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 23 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 24 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 25 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 26 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16 |
|
| 1 |
| url |
pkg:pypi/django@5.0.9 |
| purl |
pkg:pypi/django@5.0.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 5 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 6 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 7 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 8 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 9 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9 |
|
| 2 |
| url |
pkg:pypi/django@5.1.1 |
| purl |
pkg:pypi/django@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 8 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 9 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 10 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 11 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 14 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1 |
|
|
| aliases |
CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt |
|
| 18 |
| url |
VCID-e87q-1j8h-93hh |
| vulnerability_id |
VCID-e87q-1j8h-93hh |
| summary |
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) |
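Added example, not Django's code: the mitigation pattern for the issue above is an upper bound on the textual length of the address, checked before any parsing so that an oversized string costs a length comparison rather than a full validation pass. The bound of 39 characters (eight four-hex-digit groups plus seven colons) is the longest a canonical IPv6 address can be; the constant name, the `validate_ipv6` helper and its reason codes are this example's own, and the parsing is delegated to the standard library's ipaddress module rather than to Django's private helpers.

```python
"""Length-bounded IPv6 validation (added example, not Django's code)."""
import ipaddress

# Longest canonical textual IPv6 address: 8 groups of 4 hex digits + 7 colons.
# Constant name and value are this example's assumption, not taken from Django.
MAX_IPV6_ADDRESS_LENGTH = 39


def validate_ipv6(ip_str, max_length=MAX_IPV6_ADDRESS_LENGTH):
    """Return (ok, reason, normalized).

    reason is "too_long" when the cap rejects the string before any parsing,
    "invalid" when the parser rejects it, and "ok" otherwise. normalized is
    the compressed form, which is what a clean_ipv6_address-style helper
    hands back to callers."""
    # The cheap check comes first: an attacker-controlled string of any
    # length is rejected in O(1) without reaching the parser.
    if len(ip_str) > max_length:
        return False, "too_long", None
    try:
        addr = ipaddress.IPv6Address(ip_str)
    except ValueError:
        return False, "invalid", None
    return True, "ok", str(addr)


def is_valid_ipv6_address(ip_str):
    """Boolean form, mirroring the shape of the private helper named above."""
    return validate_ipv6(ip_str)[0]


def clean_ipv6_address(ip_str):
    """Raise ValueError on rejection, otherwise return the compressed form."""
    ok, reason, normalized = validate_ipv6(ip_str)
    if not ok:
        raise ValueError(f"invalid IPv6 address ({reason})")
    return normalized
```

The reason code makes the ordering observable: an 80-character string is reported as `too_long`, never as `invalid`, which confirms the parser was not invoked for it. The same gate belongs in any form-field `clean()` that forwards user input to an address parser.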
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-56374 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24451 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24372 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24353 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24417 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24355 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24276 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24401 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24443 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24457 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24512 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24537 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24496 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24724 |
| published_at |
2026-04-04T12:55:00Z |
|
| 13 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24686 |
| published_at |
2026-04-02T12:55:00Z |
|
| 14 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24545 |
| published_at |
2026-04-16T12:55:00Z |
|
| 15 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24532 |
| published_at |
2026-04-13T12:55:00Z |
|
| 16 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24586 |
| published_at |
2026-04-12T12:55:00Z |
|
| 17 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24629 |
| published_at |
2026-04-11T12:55:00Z |
|
| 18 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24612 |
| published_at |
2026-04-09T12:55:00Z |
|
| 19 |
| value |
0.00084 |
| scoring_system |
epss |
| scoring_elements |
0.24567 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-56374 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.18 |
| purl |
pkg:pypi/django@4.2.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 7 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 10 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 11 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 12 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 13 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 14 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 15 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 16 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 17 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 18 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 19 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 21 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 22 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.18 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.1.5 |
| purl |
pkg:pypi/django@5.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 1 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 2 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 5 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 6 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5 |
|
|
| aliases |
BIT-django-2024-56374, CVE-2024-56374, GHSA-qcgg-j2x8-h9g8, PYSEC-2025-1
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e87q-1j8h-93hh |
|
| 19 |
| url |
VCID-e9k9-1s9f-dbgv |
| vulnerability_id |
VCID-e9k9-1s9f-dbgv |
| summary |
Django has Inefficient Algorithmic Complexity
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Jiyong Yang for reporting this issue. |
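Added example, not Django's code: a stand-in for the header-folding loop in `ASGIRequest` that turns the ASGI `scope["headers"]` list of `(name, value)` byte pairs into the WSGI-style META dict. `fold_headers_quadratic` folds duplicate header names the way the pre-fix loop is assumed to (re-concatenating the accumulated string on every repeat, which makes the total work grow with the square of the repeat count); `fold_headers_linear` collects values per name and joins once. Both produce identical META, so the fix is purely one of complexity. The exact shape of Django's patched code is not reproduced here; `meta_name`, `crafted_scope_headers` and `benchmark` are this example's own.

```python
"""Duplicate-header folding: quadratic vs linear (added example, not Django's)."""
import time


def meta_name(name: bytes) -> str:
    """Map a lower-case ASGI header name to its CGI/WSGI META key."""
    name = name.decode("latin1")
    if name == "content-length":
        return "CONTENT_LENGTH"
    if name == "content-type":
        return "CONTENT_TYPE"
    return "HTTP_%s" % name.upper().replace("-", "_")


def fold_headers_quadratic(headers):
    """Pre-fix pattern (assumed): every repeated header re-copies the value
    accumulated so far, so N repeats cost O(N^2) bytes of copying."""
    meta = {}
    for name, value in headers:
        key = meta_name(name)
        value = value.decode("latin1")
        if key in meta:
            value = meta[key] + "," + value  # copies the whole accumulated string
        meta[key] = value
    return meta


def fold_headers_linear(headers):
    """Fixed pattern: bucket values per key, join each bucket exactly once."""
    buckets = {}
    for name, value in headers:
        buckets.setdefault(meta_name(name), []).append(value.decode("latin1"))
    return {key: ",".join(values) for key, values in buckets.items()}


def crafted_scope_headers(repeats, name=b"x-dup", value=b"v" * 64):
    """Constructed attacker input: one header name repeated `repeats` times,
    which is the shape of request the summary describes."""
    return [(name, value)] * repeats


def benchmark(repeats):
    """Wall-clock seconds for each variant on the crafted input (for reading,
    not asserted: absolute numbers depend on the machine)."""
    headers = crafted_scope_headers(repeats)
    t0 = time.perf_counter()
    fold_headers_quadratic(headers)
    t1 = time.perf_counter()
    fold_headers_linear(headers)
    t2 = time.perf_counter()
    return t1 - t0, t2 - t1
```

With a few thousand repeats the two variants already diverge measurably in `benchmark`; doubling the repeat count roughly quadruples the quadratic variant's time while the linear one scales with the input size. The same collect-then-join discipline applies anywhere an attacker controls how many times a key recurs.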
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-14550 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18487 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18717 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18625 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18621 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18568 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00059 |
| scoring_system |
epss |
| scoring_elements |
0.18771 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19154 |
| published_at |
2026-05-09T12:55:00Z |
|
| 7 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.18976 |
| published_at |
2026-05-05T12:55:00Z |
|
| 8 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.1909 |
| published_at |
2026-04-29T12:55:00Z |
|
| 9 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19132 |
| published_at |
2026-04-26T12:55:00Z |
|
| 10 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19142 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19244 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19117 |
| published_at |
2026-05-11T12:55:00Z |
|
| 13 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19057 |
| published_at |
2026-05-07T12:55:00Z |
|
| 14 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.1923 |
| published_at |
2026-04-18T12:55:00Z |
|
| 15 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19221 |
| published_at |
2026-04-16T12:55:00Z |
|
| 16 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19259 |
| published_at |
2026-04-13T12:55:00Z |
|
| 17 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19314 |
| published_at |
2026-04-12T12:55:00Z |
|
| 18 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19256 |
| published_at |
2026-05-14T12:55:00Z |
|
| 19 |
| value |
0.00062 |
| scoring_system |
epss |
| scoring_elements |
0.19153 |
| published_at |
2026-05-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-14550 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-14550, GHSA-33mw-q7rj-mjwj
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e9k9-1s9f-dbgv |
|
| 20 |
| url |
VCID-ff2a-at5f-2qa8 |
| vulnerability_id |
VCID-ff2a-at5f-2qa8 |
| summary |
|
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33033 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12909 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12702 |
| published_at |
2026-05-05T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12792 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12898 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12933 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12849 |
| published_at |
2026-05-07T12:55:00Z |
|
| 6 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15128 |
| published_at |
2026-05-12T12:55:00Z |
|
| 7 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15083 |
| published_at |
2026-05-11T12:55:00Z |
|
| 8 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15094 |
| published_at |
2026-05-09T12:55:00Z |
|
| 9 |
| value |
0.00049 |
| scoring_system |
epss |
| scoring_elements |
0.15206 |
| published_at |
2026-05-14T12:55:00Z |
|
| 10 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.2712 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.2707 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.27077 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.27116 |
| published_at |
2026-04-09T12:55:00Z |
|
| 14 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29376 |
| published_at |
2026-04-13T12:55:00Z |
|
| 15 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32864 |
| published_at |
2026-04-18T12:55:00Z |
|
| 16 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32886 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33033 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-33033, GHSA-5mf9-h53q-7mhq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ff2a-at5f-2qa8 |
|
| 21 |
| url |
VCID-gfym-spzk-w7gk |
| vulnerability_id |
VCID-gfym-spzk-w7gk |
| summary |
|
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-4277 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.0197 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01986 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05515 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05474 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05434 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05561 |
| published_at |
2026-05-07T12:55:00Z |
|
| 6 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05516 |
| published_at |
2026-05-05T12:55:00Z |
|
| 7 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06219 |
| published_at |
2026-05-14T12:55:00Z |
|
| 8 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06196 |
| published_at |
2026-05-09T12:55:00Z |
|
| 9 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.0621 |
| published_at |
2026-05-11T12:55:00Z |
|
| 10 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06211 |
| published_at |
2026-05-12T12:55:00Z |
|
| 11 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12317 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12281 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16578 |
| published_at |
2026-04-13T12:55:00Z |
|
| 14 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17449 |
| published_at |
2026-04-16T12:55:00Z |
|
| 15 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17458 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-4277 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-4277, GHSA-pwjp-ccjc-ghwg
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gfym-spzk-w7gk |
|
| 22 |
| url |
VCID-jh1e-72hp-fuf4 |
| vulnerability_id |
VCID-jh1e-72hp-fuf4 |
| summary |
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. |
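Added example, not Django's code: an HTML-aware word truncator that scans the input once with the standard library's html.parser instead of a backtracking regular expression, so there is no input on which it degrades, which is the property a fix for the issue above has to restore. It only loosely mirrors `truncatewords_html` (void elements are not pushed on the tag stack, mis-nested closers are tolerated, entity references are re-emitted verbatim and not counted as words, attributes are re-escaped); the `WordTruncator` class and `truncate_words_html` are this example's own names.

```python
"""Regex-free, single-pass HTML word truncation (added example, not Django's)."""
import html
import re
from html.parser import HTMLParser

# Elements that never take a closing tag, so they never go on the stack.
VOID_ELEMENTS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
                 "link", "meta", "source", "track", "wbr"}
# Alternation of two disjoint character classes: linear, cannot backtrack.
WORD_OR_SPACE = re.compile(r"\s+|\S+")


class WordTruncator(HTMLParser):
    def __init__(self, max_words, truncate_text="…"):
        # convert_charrefs=False so entities reach us unchanged and are
        # re-emitted as written instead of being decoded into raw markup.
        super().__init__(convert_charrefs=False)
        self.max_words = max_words
        self.truncate_text = truncate_text
        self.words = 0
        self.out = []
        self.open_tags = []   # stack of element names still open
        self.truncated = False

    def handle_starttag(self, tag, attrs):
        if self.truncated:
            return
        attr_text = "".join(
            f' {k}="{html.escape(v, quote=True)}"' if v is not None else f" {k}"
            for k, v in attrs)
        self.out.append(f"<{tag}{attr_text}>")
        if tag not in VOID_ELEMENTS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.truncated or tag not in self.open_tags:
            return
        # Close everything down to `tag`, repairing mis-nested input.
        while self.open_tags:
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        if self.truncated:
            return
        for token in WORD_OR_SPACE.findall(data):
            if token.isspace():
                # Whitespace after the last allowed word is held back so a
                # non-truncated result does not end in a dangling space.
                if self.words < self.max_words:
                    self.out.append(token)
                continue
            if self.words >= self.max_words:
                self._truncate()   # one word too many: cut here
                return
            self.words += 1
            self.out.append(token)

    def handle_entityref(self, name):
        if not self.truncated:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self.truncated:
            self.out.append(f"&#{name};")

    def _truncate(self):
        self.out.append(self.truncate_text)
        self.truncated = True
        self._close_open_tags()

    def _close_open_tags(self):
        while self.open_tags:
            self.out.append(f"</{self.open_tags.pop()}>")

    def result(self):
        self.close()             # flush buffered text
        self._close_open_tags()  # balance tags the input left open
        return "".join(self.out)


def truncate_words_html(value, max_words, truncate_text="…"):
    """Keep the first `max_words` words of `value`, preserving tag balance."""
    parser = WordTruncator(max_words, truncate_text)
    parser.feed(value)
    return parser.result()
```

The truncation marker is appended only when a word beyond the limit is actually seen, so text with exactly `max_words` words comes back unchanged apart from tag balancing. A 250 KB run of repeated words truncates in one pass with no pathological case, because every character is consumed exactly once.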
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-27351 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01855 |
| scoring_system |
epss |
| scoring_elements |
0.82977 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85763 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85751 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85698 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85799 |
| published_at |
2026-05-14T12:55:00Z |
|
| 5 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85717 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85701 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85687 |
| published_at |
2026-04-24T12:55:00Z |
|
| 8 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.8567 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85665 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85642 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85646 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.8565 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85635 |
| published_at |
2026-04-09T12:55:00Z |
|
| 14 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85624 |
| published_at |
2026-04-08T12:55:00Z |
|
| 15 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85604 |
| published_at |
2026-04-07T12:55:00Z |
|
| 16 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85599 |
| published_at |
2026-04-04T12:55:00Z |
|
| 17 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85755 |
| published_at |
2026-05-09T12:55:00Z |
|
| 18 |
| value |
0.02611 |
| scoring_system |
epss |
| scoring_elements |
0.85738 |
| published_at |
2026-05-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-27351 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.11 |
| purl |
pkg:pypi/django@4.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 10 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 12 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 15 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 19 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 20 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 21 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 22 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 23 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 24 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 25 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 26 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 27 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 28 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 29 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 30 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 31 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 32 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 33 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 34 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 35 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 36 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.11 |
|
| 1 |
| url |
pkg:pypi/django@5.0.3 |
| purl |
pkg:pypi/django@5.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 8 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 9 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 10 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 11 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 12 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 13 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 14 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 15 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 16 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 17 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 18 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 19 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3 |
|
|
| aliases |
BIT-django-2024-27351, CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jh1e-72hp-fuf4 |
|
| 23 |
| url |
VCID-jzae-1awh-k7cm |
| vulnerability_id |
VCID-jzae-1awh-k7cm |
| summary |
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. |
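Added example, not Django's code: the bracket-trimming step of a urlize-style function, in a quadratic and a linear form. `trim_wrapping_quadratic` strips one wrapping bracket per loop iteration and re-counts the brackets in the remaining text on every pass, the pattern assumed to underlie the issue above; `trim_wrapping_linear` computes the same result by counting once and maintaining the counts incrementally while it moves two indices, so a link wrapped in tens of thousands of brackets costs time proportional to its length. Only the wrapping-bracket rule is modelled (trailing-punctuation handling is omitted), and `crafted_input` is a constructed attacker string; how Django's own fix is written is not reproduced here.

```python
"""Wrapping-bracket trimming for urlize: quadratic vs linear (added example)."""


def trim_wrapping_quadratic(text, opening="(", closing=")"):
    """Assumed pre-fix pattern: each iteration slices the string and calls
    count() over all of it, so N brackets cost O(N^2)."""
    lead, middle, trail = "", text, ""
    trimmed = True
    while trimmed:
        trimmed = False
        if middle.startswith(opening):
            middle = middle[len(opening):]
            lead += opening
            trimmed = True
        # Keep a closing bracket at the end only if it is balanced.
        if middle.endswith(closing) and middle.count(closing) == middle.count(opening) + 1:
            middle = middle[:-len(closing)]
            trail = closing + trail
            trimmed = True
    return lead, middle, trail


def trim_wrapping_linear(text, opening="(", closing=")"):
    """Same decision rule, O(N): count once, then adjust the counts as the
    start/end indices move instead of re-counting and re-slicing."""
    n_open = text.count(opening)
    n_close = text.count(closing)
    start, end = 0, len(text)
    trimmed = True
    while trimmed:
        trimmed = False
        if start < end and text[start] == opening:
            start += 1
            n_open -= 1
            trimmed = True
        if start < end and text[end - 1] == closing and n_close == n_open + 1:
            end -= 1
            n_close -= 1
            trimmed = True
    return text[:start], text[start:end], text[end:]


def crafted_input(n, core="example.com"):
    """Constructed attacker input: a link wrapped in n bracket pairs."""
    return "(" * n + core + ")" * n
```

Both functions agree on ordinary input such as `example.com/foo_(bar)` (the balanced trailing bracket is kept) and on the crafted input; the difference is only how the cost grows with the number of brackets, which is exactly what the summary's "very large number of brackets" exploits.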
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-38875 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55962 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55933 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55958 |
| published_at |
2026-05-09T12:55:00Z |
|
| 3 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55899 |
| published_at |
2026-05-07T12:55:00Z |
|
| 4 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55852 |
| published_at |
2026-05-05T12:55:00Z |
|
| 5 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55904 |
| published_at |
2026-04-29T12:55:00Z |
|
| 6 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55928 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55907 |
| published_at |
2026-05-11T12:55:00Z |
|
| 8 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55981 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56006 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56003 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55967 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55985 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.56005 |
| published_at |
2026-04-11T12:55:00Z |
|
| 14 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55994 |
| published_at |
2026-04-09T12:55:00Z |
|
| 15 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55992 |
| published_at |
2026-05-14T12:55:00Z |
|
| 16 |
| value |
0.0033 |
| scoring_system |
epss |
| scoring_elements |
0.55941 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-38875 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.14 |
| purl |
pkg:pypi/django@4.2.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 10 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 12 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 15 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 19 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 20 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 21 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 22 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 23 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 24 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 25 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 26 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 27 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 28 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 29 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 30 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 31 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 32 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14 |
|
| 1 |
| url |
pkg:pypi/django@5.0.7 |
| purl |
pkg:pypi/django@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 8 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 9 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 10 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 11 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 14 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 15 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7 |
|
|
| aliases |
BIT-django-2024-38875, CVE-2024-38875, GHSA-qg2p-9jwr-mmqf, PYSEC-2024-56
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jzae-1awh-k7cm |
|
| 24 |
| url |
VCID-m91a-6235-nye9 |
| vulnerability_id |
VCID-m91a-6235-nye9 |
| summary |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42005 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55859 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55799 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55772 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55818 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55761 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55713 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55768 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55793 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55848 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55873 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55863 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.5586 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55809 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55829 |
| published_at |
2026-04-04T12:55:00Z |
|
| 14 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55807 |
| published_at |
2026-04-02T12:55:00Z |
|
| 15 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55775 |
| published_at |
2026-04-24T12:55:00Z |
|
| 16 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55874 |
| published_at |
2026-04-18T12:55:00Z |
|
| 17 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.5587 |
| published_at |
2026-04-16T12:55:00Z |
|
| 18 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55834 |
| published_at |
2026-04-13T12:55:00Z |
|
| 19 |
| value |
0.00328 |
| scoring_system |
epss |
| scoring_elements |
0.55852 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42005 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.15 |
| purl |
pkg:pypi/django@4.2.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 8 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 11 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 14 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 15 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 16 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 17 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 18 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 19 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 20 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 21 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 22 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 23 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 24 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 27 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 28 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15 |
|
| 1 |
| url |
pkg:pypi/django@5.0.8 |
| purl |
pkg:pypi/django@5.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 5 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 6 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 7 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 8 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 11 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8 |
|
|
| aliases |
BIT-django-2024-42005, CVE-2024-42005, GHSA-pv4p-cwwg-4rph, PYSEC-2024-70
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m91a-6235-nye9 |
|
| 25 |
| url |
VCID-mga4-an1w-qqf9 |
| vulnerability_id |
VCID-mga4-an1w-qqf9 |
| summary |
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45230 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.86087 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.86049 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.86035 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.86038 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.8602 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85998 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85978 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85977 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85968 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85948 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85957 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85953 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.8594 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85942 |
| published_at |
2026-04-11T12:55:00Z |
|
| 14 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85935 |
| published_at |
2026-04-13T12:55:00Z |
|
| 15 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85928 |
| published_at |
2026-04-09T12:55:00Z |
|
| 16 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85918 |
| published_at |
2026-04-08T12:55:00Z |
|
| 17 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85899 |
| published_at |
2026-04-07T12:55:00Z |
|
| 18 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.85896 |
| published_at |
2026-04-04T12:55:00Z |
|
| 19 |
| value |
0.02721 |
| scoring_system |
epss |
| scoring_elements |
0.8588 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45230 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 11 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:30:05Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.16 |
| purl |
pkg:pypi/django@4.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 8 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 11 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 12 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 13 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 14 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 15 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 16 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 17 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 18 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 19 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 20 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 21 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 22 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 23 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 24 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 25 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 26 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16 |
|
| 1 |
| url |
pkg:pypi/django@5.0.9 |
| purl |
pkg:pypi/django@5.0.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 5 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 6 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 7 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 8 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 9 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9 |
|
| 2 |
| url |
pkg:pypi/django@5.1.1 |
| purl |
pkg:pypi/django@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 8 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 9 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 10 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 11 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 14 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1 |
|
|
| aliases |
BIT-django-2024-45230, CVE-2024-45230, GHSA-5hgc-2vfp-mqvc, PYSEC-2024-102
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mga4-an1w-qqf9 |
|
| 26 |
| url |
VCID-msge-1mfu-7qfa |
| vulnerability_id |
VCID-msge-1mfu-7qfa |
| summary |
Django has an SQL Injection issue
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is used in `FilteredRelation` via a suitably crafted dictionary passed with dictionary expansion. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1312 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01084 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01069 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01067 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01083 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01072 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01079 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01549 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01539 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01521 |
| published_at |
2026-05-11T12:55:00Z |
|
| 9 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01523 |
| published_at |
2026-05-09T12:55:00Z |
|
| 10 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.0153 |
| published_at |
2026-05-07T12:55:00Z |
|
| 11 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01536 |
| published_at |
2026-05-05T12:55:00Z |
|
| 12 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01541 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01534 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01446 |
| published_at |
2026-04-18T12:55:00Z |
|
| 15 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01433 |
| published_at |
2026-04-16T12:55:00Z |
|
| 16 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01529 |
| published_at |
2026-05-14T12:55:00Z |
|
| 17 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01444 |
| published_at |
2026-04-13T12:55:00Z |
|
| 18 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01443 |
| published_at |
2026-04-12T12:55:00Z |
|
| 19 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01517 |
| published_at |
2026-05-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1312 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-1312, GHSA-6426-9fv3-65x8
|
| risk_score |
3.9 |
| exploitability |
0.5 |
| weighted_severity |
7.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-msge-1mfu-7qfa |
|
| 27 |
| url |
VCID-mux4-uv98-hbbw |
| vulnerability_id |
VCID-mux4-uv98-hbbw |
| summary |
Django vulnerable to SQL injection in column aliases
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59681 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01962 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02022 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01937 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01935 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01955 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01959 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01991 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01974 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.01975 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02004 |
| published_at |
2026-04-26T12:55:00Z |
|
| 10 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02008 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02653 |
| published_at |
2026-05-11T12:55:00Z |
|
| 12 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.0268 |
| published_at |
2026-05-14T12:55:00Z |
|
| 13 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02617 |
| published_at |
2026-05-07T12:55:00Z |
|
| 14 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02654 |
| published_at |
2026-05-12T12:55:00Z |
|
| 15 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02947 |
| published_at |
2026-04-29T12:55:00Z |
|
| 16 |
| value |
0.00015 |
| scoring_system |
epss |
| scoring_elements |
0.02923 |
| published_at |
2026-05-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-59681 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.25 |
| purl |
pkg:pypi/django@4.2.25 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 8 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 9 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 10 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 11 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 12 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 13 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 14 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 15 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 16 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.25 |
|
| 3 |
| url |
pkg:pypi/django@5.2a1 |
| purl |
pkg:pypi/django@5.2a1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 6 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2a1 |
|
| 4 |
| url |
pkg:pypi/django@5.2.7 |
| purl |
pkg:pypi/django@5.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 8 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 9 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 10 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 11 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 12 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 13 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 14 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 15 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 16 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.7 |
|
|
| aliases |
CVE-2025-59681, GHSA-hpr9-3m2g-3j9p
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mux4-uv98-hbbw |
|
| 28 |
| url |
VCID-nda7-9219-6kce |
| vulnerability_id |
VCID-nda7-9219-6kce |
| summary |
Django vulnerable to Uncontrolled Resource Consumption
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.
`URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial of service via large URL inputs containing these characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-25673 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00211 |
| scoring_system |
epss |
| scoring_elements |
0.43562 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45584 |
| published_at |
2026-05-07T12:55:00Z |
|
| 2 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45521 |
| published_at |
2026-05-05T12:55:00Z |
|
| 3 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45626 |
| published_at |
2026-04-29T12:55:00Z |
|
| 4 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45686 |
| published_at |
2026-04-26T12:55:00Z |
|
| 5 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45676 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45746 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45799 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45804 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45754 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45745 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45775 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45753 |
| published_at |
2026-04-09T12:55:00Z |
|
| 13 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45757 |
| published_at |
2026-04-08T12:55:00Z |
|
| 14 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45751 |
| published_at |
2026-04-04T12:55:00Z |
|
| 15 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.457 |
| published_at |
2026-04-07T12:55:00Z |
|
| 16 |
| value |
0.00229 |
| scoring_system |
epss |
| scoring_elements |
0.45601 |
| published_at |
2026-05-09T12:55:00Z |
|
| 17 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.47054 |
| published_at |
2026-05-14T12:55:00Z |
|
| 18 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.46953 |
| published_at |
2026-05-11T12:55:00Z |
|
| 19 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.46984 |
| published_at |
2026-05-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-25673 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-25673, GHSA-8p8v-wh79-9r56
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nda7-9219-6kce |
|
| 29 |
| url |
VCID-q12d-kv8p-8ff7 |
| vulnerability_id |
VCID-q12d-kv8p-8ff7 |
| summary |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. |
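The timing leak described in this summary comes from a short-circuit: a login attempt against an account whose password is unusable returns before any hash is computed, so its response is measurably faster than an attempt against a non-existent account (which does get a dummy hash). The following is an added model of that pattern and of the hardening, written for this page; it is not Django's code. The `!` unusable-password marker, the PBKDF2 work factor and the user table are assumptions constructed for the demo.

```python
"""Model of the user-enumeration timing side channel in a password backend:
an added illustration of the pattern, not Django's implementation."""
import hashlib
import hmac
import time

# Assumptions for the demo: '!' marks an unusable password, and the work
# factor is kept small so the example runs quickly.
UNUSABLE_PREFIX = "!"
ITERATIONS = 20_000


class Hasher:
    """PBKDF2-HMAC-SHA256 with a call counter so tests can see whether work was done."""

    def __init__(self):
        self.calls = 0

    def encode(self, password, salt):
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS)
        return f"pbkdf2_sha256${ITERATIONS}${salt}${dk.hex()}"

    def verify(self, password, encoded):
        self.calls += 1
        _algo, iters, salt, digest = encoded.split("$", 3)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), int(iters))
        return hmac.compare_digest(dk.hex(), digest)


def is_usable(encoded):
    return not encoded.startswith(UNUSABLE_PREFIX)


# Constructed user table: alice has a real hash, bob exists but has an unusable password.
_setup = Hasher()
USERS = {
    "alice": _setup.encode("correct horse", "a1"),
    "bob": UNUSABLE_PREFIX + "nohash",
}
DUMMY_HASH = _setup.encode("dummy", "d0")  # hashed against when there is nothing real to compare


def authenticate_vulnerable(hasher, username, password):
    """Unknown users get a dummy hash (equalising their timing), but users whose password
    is unusable return immediately, so the fast response reveals that the account exists."""
    encoded = USERS.get(username)
    if encoded is None:
        hasher.verify(password, DUMMY_HASH)
        return None
    if not is_usable(encoded):
        return None
    return username if hasher.verify(password, encoded) else None


def authenticate_hardened(hasher, username, password):
    """Run the hasher on every path so the response time no longer depends on whether
    the account exists or has a usable password."""
    encoded = USERS.get(username)
    if encoded is None or not is_usable(encoded):
        hasher.verify(password, DUMMY_HASH)
        return None
    return username if hasher.verify(password, encoded) else None


def hash_calls(authenticate, username, password="wrong"):
    """Number of hash computations one login attempt triggers under the given backend."""
    hasher = Hasher()
    authenticate(hasher, username, password)
    return hasher.calls


if __name__ == "__main__":
    # Wall-clock view of the same difference the counter exposes.
    for backend in (authenticate_vulnerable, authenticate_hardened):
        for name in ("nobody", "bob"):
            t0 = time.perf_counter()
            backend(Hasher(), name, "wrong")
            print(f"{backend.__name__:24s} {name:8s} {1000 * (time.perf_counter() - t0):7.2f} ms")
```

The counter is the reliable oracle here: under the vulnerable backend "bob" costs zero hash computations while "nobody" costs one, which is exactly the difference a remote attacker measures; the hardened backend charges one hash on every failing path.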
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39329 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37652 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37533 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37596 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37615 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37571 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37599 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37632 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37619 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37607 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37555 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00165 |
| scoring_system |
epss |
| scoring_elements |
0.37676 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37214 |
| published_at |
2026-05-14T12:55:00Z |
|
| 12 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37137 |
| published_at |
2026-05-12T12:55:00Z |
|
| 13 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37165 |
| published_at |
2026-05-11T12:55:00Z |
|
| 14 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37245 |
| published_at |
2026-05-09T12:55:00Z |
|
| 15 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37226 |
| published_at |
2026-05-07T12:55:00Z |
|
| 16 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37158 |
| published_at |
2026-05-05T12:55:00Z |
|
| 17 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37276 |
| published_at |
2026-04-29T12:55:00Z |
|
| 18 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37365 |
| published_at |
2026-04-26T12:55:00Z |
|
| 19 |
| value |
0.00166 |
| scoring_system |
epss |
| scoring_elements |
0.37386 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39329 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.14 |
| purl |
pkg:pypi/django@4.2.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 10 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 12 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 15 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 19 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 20 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 21 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 22 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 23 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 24 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 25 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 26 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 27 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 28 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 29 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 30 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 31 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 32 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14 |
|
| 1 |
| url |
pkg:pypi/django@5.0.7 |
| purl |
pkg:pypi/django@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 8 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 9 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 10 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 11 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 14 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 15 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7 |
|
|
| aliases |
BIT-django-2024-39329, CVE-2024-39329, GHSA-x7q2-wr7g-xqmf, PYSEC-2024-57
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q12d-kv8p-8ff7 |
|
| 30 |
| url |
VCID-rmdp-bnjj-zuf2 |
| vulnerability_id |
VCID-rmdp-bnjj-zuf2 |
| summary |
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.17 |
| purl |
pkg:pypi/django@4.2.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 7 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 10 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 11 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 12 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 13 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 14 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 15 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 16 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 17 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 18 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 19 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 20 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 23 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17 |
|
| 2 |
| url |
pkg:pypi/django@5.1.4 |
| purl |
pkg:pypi/django@5.1.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 1 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 2 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 5 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 6 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 7 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 8 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 9 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 11 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4 |
|
|
| aliases |
PYSEC-2024-156
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rmdp-bnjj-zuf2 |
|
| 31 |
| url |
VCID-ssut-reka-r3f8 |
| vulnerability_id |
VCID-ssut-reka-r3f8 |
| summary |
|
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33034 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.0675 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.06717 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.06742 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.06749 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09313 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09166 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09326 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.0916 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10381 |
| published_at |
2026-05-11T12:55:00Z |
|
| 9 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10481 |
| published_at |
2026-05-14T12:55:00Z |
|
| 10 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10423 |
| published_at |
2026-05-12T12:55:00Z |
|
| 11 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10404 |
| published_at |
2026-05-09T12:55:00Z |
|
| 12 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10666 |
| published_at |
2026-05-05T12:55:00Z |
|
| 13 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10801 |
| published_at |
2026-05-07T12:55:00Z |
|
| 14 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10779 |
| published_at |
2026-04-24T12:55:00Z |
|
| 15 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10762 |
| published_at |
2026-04-26T12:55:00Z |
|
| 16 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10702 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-33034 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-33034, GHSA-933h-hp56-hf7m
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ssut-reka-r3f8 |
|
| 32 |
| url |
VCID-u3zk-tff2-aua9 |
| vulnerability_id |
VCID-u3zk-tff2-aua9 |
| summary |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. |
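The defensive shape of the fix for this class of bug is to bound the input before any regex match or prefix scan touches it. The block below is an added, simplified re-implementation of the lookup `get_supported_language_variant()` performs, written for this page rather than taken from Django: the 500-character cap, the language-tag regex and the `LANGUAGES` list are assumptions modelled on the upstream behaviour, and `supported_or_none()` is a helper added only for testing.

```python
"""Simplified language-variant lookup with a length guard in front of the expensive
work. Added illustration, not Django's code."""
import re

LANGUAGE_CODE_MAX_LENGTH = 500  # assumption modelled on the cap adopted upstream

# Assumed tag syntax: primary subtag, optional '-' subtags, optional '@modifier'.
language_code_re = re.compile(
    r"^[a-z]{1,8}(?:-[a-z0-9]{1,8})*(?:@[a-z0-9]{1,20})?$", re.IGNORECASE
)

# Constructed stand-in for settings.LANGUAGES (lower-case codes, configured order).
LANGUAGES = ["en", "en-gb", "pt", "pt-br", "zh-hans", "zh-hant"]


def get_supported_language_variant(lang_code, strict=False):
    """Return the best supported code for lang_code, or raise LookupError.

    Attempts, in order: the exact code, then each prefix obtained by dropping a
    trailing '-subtag' ('zh-hans-cn' -> 'zh-hans' -> 'zh'); when strict is False
    and nothing matched, any supported code under the same generic prefix
    ('zh' -> 'zh-hans')."""
    if not lang_code:
        raise LookupError(lang_code)
    # Cheap guard first: oversized input never reaches the regex or the prefix walk.
    if len(lang_code) > LANGUAGE_CODE_MAX_LENGTH:
        raise LookupError(lang_code)
    if not language_code_re.search(lang_code):
        raise LookupError(lang_code)

    candidates = [lang_code]
    i = None
    while (i := lang_code.rfind("-", 0, i)) > -1:
        candidates.append(lang_code[:i])
    generic = candidates[-1].lower()

    for code in candidates:
        if code.lower() in LANGUAGES:
            return code.lower()
    if not strict:
        for supported in LANGUAGES:
            if supported.startswith(generic + "-"):
                return supported
    raise LookupError(lang_code)


def supported_or_none(lang_code, strict=False):
    """Test helper: the resolved code, or None where the lookup raises."""
    try:
        return get_supported_language_variant(lang_code, strict=strict)
    except LookupError:
        return None


if __name__ == "__main__":
    for probe in ("pt-BR", "pt-pt", "zh-hans-cn", "zh", "es", "x" * 600):
        print(f"{probe[:20]!r:24s} -> {supported_or_none(probe)}")
```

The guard has to sit before the regex: a pattern with nested repetition over an unbounded string is where the cost lives, and checking `len()` is O(1).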
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39614 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91339 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91348 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91349 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91334 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91437 |
| published_at |
2026-05-14T12:55:00Z |
|
| 6 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91428 |
| published_at |
2026-05-12T12:55:00Z |
|
| 7 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91418 |
| published_at |
2026-05-11T12:55:00Z |
|
| 8 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.9142 |
| published_at |
2026-05-09T12:55:00Z |
|
| 9 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91411 |
| published_at |
2026-05-07T12:55:00Z |
|
| 10 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91395 |
| published_at |
2026-05-05T12:55:00Z |
|
| 11 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91304 |
| published_at |
2026-04-02T12:55:00Z |
|
| 12 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91314 |
| published_at |
2026-04-04T12:55:00Z |
|
| 13 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91381 |
| published_at |
2026-04-29T12:55:00Z |
|
| 14 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91382 |
| published_at |
2026-04-24T12:55:00Z |
|
| 15 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91371 |
| published_at |
2026-04-18T12:55:00Z |
|
| 16 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91321 |
| published_at |
2026-04-07T12:55:00Z |
|
| 17 |
| value |
0.06838 |
| scoring_system |
epss |
| scoring_elements |
0.91373 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39614 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.14 |
| purl |
pkg:pypi/django@4.2.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 10 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 12 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 15 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 19 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 20 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 21 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 22 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 23 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 24 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 25 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 26 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 27 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 28 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 29 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 30 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 31 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 32 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14 |
|
| 1 |
| url |
pkg:pypi/django@5.0.7 |
| purl |
pkg:pypi/django@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 8 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 9 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 10 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 11 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 14 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 15 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7 |
|
|
| aliases |
BIT-django-2024-39614, CVE-2024-39614, GHSA-f6f8-9mx6-9mx2, PYSEC-2024-59
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u3zk-tff2-aua9 |
|
| 33 |
| url |
VCID-ukkt-wgau-t3et |
| vulnerability_id |
VCID-ukkt-wgau-t3et |
| summary |
Django is vulnerable to DoS via XML serializer text extraction
An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
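The summaries on this page state affected ranges per release series ("5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27") and explicitly leave older series unevaluated, and the `fixed_packages` blocks show that a release which fixes one advisory (4.2.27, 5.2.9) still carries `is_vulnerable: true` for others. Triage therefore has to be per advisory, per series. The following is an added helper written for this page, not VulnerableCode's or Django's code: the advisory texts are copied from this page, the installed versions and purls are constructed test inputs, and pre-release version strings are deliberately rejected rather than guessed at.

```python
"""Per-series applicability check for the advisory wording used on this page.
Added example; the summaries are quoted from the page, everything else is constructed."""
import re

SERIES_RE = re.compile(r"(\d+\.\d+) before (\d+\.\d+\.\d+)")

# Summaries as they appear on this page, keyed by one alias each.
ADVISORIES = {
    "CVE-2025-64460": "An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.",
    "CVE-2024-39329": "An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14.",
    "CVE-2024-41989": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.",
    "PYSEC-2024-156": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17.",
}


def fixed_versions(summary):
    """{'5.2': '5.2.9', '5.1': '5.1.15', '4.2': '4.2.27'} from the advisory wording."""
    return dict(SERIES_RE.findall(summary))


def version_from_purl(purl):
    """'pkg:pypi/django@4.2.27' -> '4.2.27' (the form used by fixed_packages here)."""
    name, sep, version = purl.rpartition("@")
    if not sep or not name.startswith("pkg:"):
        raise ValueError(f"not a versioned purl: {purl!r}")
    return version


def as_tuple(version):
    """Numeric release tuple; pre-releases such as '5.2rc1' are rejected, not ordered."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in version.split("."))


def is_affected(installed, summary):
    """True/False when the installed series is covered by the summary, None when the
    advisory says nothing about that series (its 'not evaluated' case)."""
    fixes = fixed_versions(summary)
    series = ".".join(installed.split(".")[:2])
    if series not in fixes:
        return None
    return as_tuple(installed) < as_tuple(fixes[series])


def triage(installed, advisories=ADVISORIES):
    """Split advisory aliases into (affected, fixed, not_evaluated) for one installed version."""
    buckets = {True: [], False: [], None: []}
    for alias, summary in advisories.items():
        buckets[is_affected(installed, summary)].append(alias)
    return buckets[True], buckets[False], buckets[None]


if __name__ == "__main__":
    for purl in ("pkg:pypi/django@4.2.14", "pkg:pypi/django@5.0.7", "pkg:pypi/django@5.2.9"):
        affected, fixed, unknown = triage(version_from_purl(purl))
        print(f"{purl}: affected={affected} fixed={fixed} not_evaluated={unknown}")
```

Treat `None` as "unknown, assume exposed" in a pipeline: the advisories say those series were not evaluated, not that they are safe.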
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64460 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17638 |
| published_at |
2026-05-09T12:55:00Z |
|
| 1 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17602 |
| published_at |
2026-05-11T12:55:00Z |
|
| 2 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17539 |
| published_at |
2026-05-07T12:55:00Z |
|
| 3 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17447 |
| published_at |
2026-05-05T12:55:00Z |
|
| 4 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19807 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20622 |
| published_at |
2026-05-12T12:55:00Z |
|
| 6 |
| value |
0.00067 |
| scoring_system |
epss |
| scoring_elements |
0.20704 |
| published_at |
2026-05-14T12:55:00Z |
|
| 7 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.225 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22288 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.2237 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22425 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22447 |
| published_at |
2026-04-11T12:55:00Z |
|
| 12 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22405 |
| published_at |
2026-04-12T12:55:00Z |
|
| 13 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22349 |
| published_at |
2026-04-13T12:55:00Z |
|
| 14 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22365 |
| published_at |
2026-04-16T12:55:00Z |
|
| 15 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.2236 |
| published_at |
2026-04-18T12:55:00Z |
|
| 16 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22308 |
| published_at |
2026-04-21T12:55:00Z |
|
| 17 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22158 |
| published_at |
2026-04-24T12:55:00Z |
|
| 18 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22147 |
| published_at |
2026-04-26T12:55:00Z |
|
| 19 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.2214 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64460 |
|
| 32 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.27 |
| purl |
pkg:pypi/django@4.2.27 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 7 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 8 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 9 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 12 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.27 |
|
| 3 |
| url |
pkg:pypi/django@5.2.9 |
| purl |
pkg:pypi/django@5.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 7 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 8 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 9 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 12 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9 |
|
|
| aliases |
CVE-2025-64460, GHSA-vrcr-9hj9-jcg6
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkt-wgau-t3et |
|
| 34 |
| url |
VCID-v1xr-z4zu-yfb4 |
| vulnerability_id |
VCID-v1xr-z4zu-yfb4 |
| summary |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. |
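A string such as `"1e100000000"` is eleven bytes on the wire, but any step that converts it to an integer or writes it out positionally has to materialise a hundred million digits. The block below is an added, guarded re-implementation of the rounding `floatformat` performs, written for this page and not taken from Django: it inspects the compact `Decimal` tuple and refuses to expand anything over a digit budget. The 200-digit budget is an assumption modelled on the upstream fix, and only the common `arg` forms (positive, negative, zero) are handled.

```python
"""Guarded floatformat: size the result from the compact representation before doing
any arithmetic. Added illustration, not Django's code."""
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP, localcontext

MAX_DIGITS = 200  # assumption modelled on the digit budget adopted upstream


def digit_budget(text):
    """Digits the value would occupy written out positionally.
    Decimal('1e400').as_tuple() is (sign, (1,), 400): one stored digit, 400 more to print."""
    _sign, digits, exponent = Decimal(text).as_tuple()
    return len(digits) + abs(exponent)


def safe_floatformat(value, arg=-1):
    """Round value to arg decimal places; a negative arg drops the decimals when they are
    all zero. Returns the input untouched when it cannot be parsed, is not finite, or
    would expand past MAX_DIGITS."""
    text = str(value).strip()
    try:
        d = Decimal(text)
        places = int(arg)
    except (InvalidOperation, ValueError):
        return value
    if not d.is_finite() or abs(places) > MAX_DIGITS:
        return value
    # The guard: decided from the tuple, never by expanding the number.
    if digit_budget(text) > MAX_DIGITS:
        return value
    try:
        with localcontext() as ctx:
            ctx.prec = 2 * MAX_DIGITS + 10  # enough for any value that passed the guard
            quantum = Decimal(1).scaleb(-abs(places))  # 10 ** -places
            rounded = d.quantize(quantum, rounding=ROUND_HALF_UP)
    except InvalidOperation:
        return value
    if places < 0 and rounded == rounded.to_integral_value():
        return str(rounded.quantize(Decimal(1)))
    return f"{rounded:f}"


if __name__ == "__main__":
    for sample, arg in (("34.23234", 2), ("34.00000", -3), ("1e400", 2), ("1e100000000", 2)):
        print(f"floatformat({sample!r}, {arg}) -> {safe_floatformat(sample, arg)!r}")
```

The important property is that the guard runs on `as_tuple()` output, which is proportional to the input string, so the cost of rejecting `"1e100000000"` is the same as for `"1e4"`.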
| references |
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41989 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80521 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.8048 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80356 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80327 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80316 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80288 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.803 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80279 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80463 |
| published_at |
2026-05-11T12:55:00Z |
|
| 9 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80468 |
| published_at |
2026-05-09T12:55:00Z |
|
| 10 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80449 |
| published_at |
2026-05-07T12:55:00Z |
|
| 11 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80427 |
| published_at |
2026-05-05T12:55:00Z |
|
| 12 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80411 |
| published_at |
2026-04-29T12:55:00Z |
|
| 13 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80394 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80387 |
| published_at |
2026-04-24T12:55:00Z |
|
| 15 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80361 |
| published_at |
2026-04-21T12:55:00Z |
|
| 16 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80354 |
| published_at |
2026-04-16T12:55:00Z |
|
| 17 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80324 |
| published_at |
2026-04-13T12:55:00Z |
|
| 18 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80331 |
| published_at |
2026-04-12T12:55:00Z |
|
| 19 |
| value |
0.01386 |
| scoring_system |
epss |
| scoring_elements |
0.80346 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41989 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.15 |
| purl |
pkg:pypi/django@4.2.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 8 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 11 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 14 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 15 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 16 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 17 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 18 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 19 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 20 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 21 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 22 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 23 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 24 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 27 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 28 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15 |
|
| 1 |
| url |
pkg:pypi/django@5.0.8 |
| purl |
pkg:pypi/django@5.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 5 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 6 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 7 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 8 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 11 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8 |
|
|
| aliases |
BIT-django-2024-41989, CVE-2024-41989, GHSA-jh75-99hh-qvx9, PYSEC-2024-67
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v1xr-z4zu-yfb4 |
|
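The EPSS reference blocks on this page (reference_url https://api.first.org/data/v1/epss?cve=...) carry one record per scoring date, where `value` is the EPSS probability, `scoring_elements` the percentile and `published_at` the scoring date, and the records are not in date order. The helper below is an added example, not VulnerableCode's code: it sorts such a history, reports the latest and peak scores, and reproduces the risk_score arithmetic that every risk_score / exploitability / weighted_severity triple on this page satisfies (weighted_severity times exploitability), which is an observation from the page, not VulnerableCode's documented definition. The sample records are constructed from a subset of the CVE-2025-13372 history in the entry that follows.

```python
from datetime import datetime

# Constructed sample: four of the CVE-2025-13372 EPSS records shown on this
# page, deliberately left in the page's (unsorted) order.
SAMPLE_HISTORY = [
    {"value": "0.00011", "scoring_elements": "0.01203", "published_at": "2026-04-09T12:55:00Z"},
    {"value": "5e-05", "scoring_elements": "0.00225", "published_at": "2026-05-05T12:55:00Z"},
    {"value": "6e-05", "scoring_elements": "0.00299", "published_at": "2026-05-14T12:55:00Z"},
    {"value": "9e-05", "scoring_elements": "0.00835", "published_at": "2026-04-02T12:55:00Z"},
]


def parse_history(records):
    """Return (date, probability, percentile) tuples sorted by scoring date."""
    parsed = []
    for record in records:
        when = datetime.strptime(record["published_at"], "%Y-%m-%dT%H:%M:%SZ")
        parsed.append((when, float(record["value"]), float(record["scoring_elements"])))
    return sorted(parsed)


def summarize(records):
    """Latest score, peak score and net change over the history."""
    history = parse_history(records)
    first_when, first_p, _ = history[0]
    last_when, last_p, last_pct = history[-1]
    peak_when, peak_p, _ = max(history, key=lambda h: h[1])
    return {
        "latest": (last_when.date().isoformat(), last_p, last_pct),
        "peak": (peak_when.date().isoformat(), peak_p),
        "change": last_p - first_p,
    }


def risk_score(weighted_severity, exploitability):
    """The relation the page's entries exhibit, e.g. 6.8 * 0.5 == 3.4."""
    return round(weighted_severity * exploitability, 1)


if __name__ == "__main__":
    print(summarize(SAMPLE_HISTORY))
    print(risk_score(6.8, 0.5))
```

Reading the output for a real triage: the latest record is what matters for prioritisation today, the peak tells you whether the score has already been higher (EPSS for this CVE fell from 0.00011 to 0.00006 over the period shown), and the risk_score is a product, so a low exploitability factor halves whatever the severity side says.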
| 35 |
| url |
VCID-vwt9-q3dt-vbfg |
| vulnerability_id |
VCID-vwt9-q3dt-vbfg |
| summary |
Django is vulnerable to SQL injection in column aliases
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13372 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01203 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.0126 |
| published_at |
2026-04-29T12:55:00Z |
|
| 2 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01266 |
| published_at |
2026-04-26T12:55:00Z |
|
| 3 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01259 |
| published_at |
2026-04-24T12:55:00Z |
|
| 4 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01254 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01185 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01173 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01184 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01181 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01188 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01182 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01194 |
| published_at |
2026-04-07T12:55:00Z |
|
| 12 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01201 |
| published_at |
2026-04-08T12:55:00Z |
|
| 13 |
| value |
5e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00225 |
| published_at |
2026-05-05T12:55:00Z |
|
| 14 |
| value |
5e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00224 |
| published_at |
2026-05-09T12:55:00Z |
|
| 15 |
| value |
5e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00221 |
| published_at |
2026-05-11T12:55:00Z |
|
| 16 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00295 |
| published_at |
2026-05-12T12:55:00Z |
|
| 17 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00299 |
| published_at |
2026-05-14T12:55:00Z |
|
| 18 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00835 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13372 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.27 |
| purl |
pkg:pypi/django@4.2.27 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 7 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 8 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 9 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 12 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.27 |
|
| 3 |
| url |
pkg:pypi/django@5.2.9 |
| purl |
pkg:pypi/django@5.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 7 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 8 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 9 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 12 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9 |
|
|
| aliases |
CVE-2025-13372, GHSA-rqw2-ghq9-44m7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vwt9-q3dt-vbfg |
|
| 36 |
| url |
VCID-w4pr-k5nj-ckgy |
| vulnerability_id |
VCID-w4pr-k5nj-ckgy |
| summary |
Django is subject to SQL injection through its column aliases
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias(). |
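Both FilteredRelation alias advisories on this page (entry 35 above for CVE-2025-13372 and this entry for CVE-2025-57833) describe the same hazard: the keys of a dictionary that an application expands as `**kwargs` into `QuerySet.annotate()` or `QuerySet.alias()` become column aliases, so a request-controlled dictionary puts attacker-chosen text into a query. The following is an added example, not Django's code. Its version table is copied from the two advisory summaries; the alias policy (`ALIAS_RE`, the `__` rule and the optional allowlist) is this example's own conservative choice, not a Django API, and it is applied before any dictionary is expanded, which is the point at which the advisories say the injection happens.

```python
import re

# Fixed releases per series, copied from the two advisory summaries on this
# page. Series not listed (5.0.x, 4.1.x, 3.2.x) were not evaluated by Django,
# which is why affected() answers None rather than False for them.
FIXED_IN = {
    "CVE-2025-57833": {(4, 2): (4, 2, 24), (5, 1): (5, 1, 12), (5, 2): (5, 2, 6)},
    "CVE-2025-13372": {(4, 2): (4, 2, 27), (5, 1): (5, 1, 15), (5, 2): (5, 2, 9)},
}


def parse_version(version):
    """'4.2.15' -> (4, 2, 15). Final releases only; '5.2.9rc1' raises ValueError."""
    return tuple(int(part) for part in version.split("."))


def affected(version, cve):
    """True if the release is inside the advisory's vulnerable range, False if it
    carries the fix for this one CVE, None if the series was not evaluated.
    Compare the fixed_packages lists on this page: 4.2.27 is fixed for
    CVE-2025-13372 yet still flagged is_vulnerable for other VCIDs, so False
    here says nothing about other advisories."""
    v = parse_version(version)
    fixed = FIXED_IN[cve].get(v[:2])
    if fixed is None:
        return None
    return v < fixed


# Keys of the **kwargs handed to annotate()/alias() become column aliases.
# This example's own policy (hypothetical, not a Django API): a key must be a
# plain identifier of at most 63 characters, must not contain the "__"
# lookup separator, and may additionally have to appear on an allowlist the
# application chooses.
ALIAS_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


def is_safe_alias(name, allowed=None):
    if not isinstance(name, str) or ALIAS_RE.fullmatch(name) is None:
        return False
    if "__" in name:
        return False
    return allowed is None or name in allowed


def checked_aliases(user_kwargs, allowed=None):
    """Return a copy that is safe to expand as queryset.annotate(**result);
    raise ValueError listing every key that fails the policy, before any
    dictionary expansion happens."""
    bad = [key for key in user_kwargs if not is_safe_alias(key, allowed)]
    if bad:
        raise ValueError("rejected annotation aliases: %r" % (bad,))
    return dict(user_kwargs)


if __name__ == "__main__":
    print(affected("4.2.15", "CVE-2025-57833"))
    print(affected("5.0.8", "CVE-2025-13372"))
    print(checked_aliases({"total": 1}, allowed=frozenset({"total"})))
```

Upgrading to the fixed release is the fix; the alias check is defence in depth for the application code path the advisories single out, and an allowlist is the stronger form because a report endpoint rarely needs more than a handful of named annotations.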
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05706 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.0579 |
| published_at |
2026-05-05T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05784 |
| published_at |
2026-04-29T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05777 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.0574 |
| published_at |
2026-04-24T12:55:00Z |
|
| 5 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05549 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05535 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05586 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05593 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05603 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05631 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05867 |
| published_at |
2026-05-07T12:55:00Z |
|
| 12 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05798 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05868 |
| published_at |
2026-04-08T12:55:00Z |
|
| 14 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05828 |
| published_at |
2026-04-07T12:55:00Z |
|
| 15 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05834 |
| published_at |
2026-04-04T12:55:00Z |
|
| 16 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06544 |
| published_at |
2026-05-14T12:55:00Z |
|
| 17 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06527 |
| published_at |
2026-05-12T12:55:00Z |
|
| 18 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06514 |
| published_at |
2026-05-11T12:55:00Z |
|
| 19 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06504 |
| published_at |
2026-05-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.24 |
| purl |
pkg:pypi/django@4.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 8 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 9 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 10 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 11 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 12 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 13 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 14 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 15 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 16 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 17 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 18 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24 |
|
| 2 |
| url |
pkg:pypi/django@5.2.6 |
| purl |
pkg:pypi/django@5.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 8 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 9 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 10 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 11 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 12 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 13 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 14 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 15 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 16 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 17 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 18 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6 |
|
|
| aliases |
CVE-2025-57833, GHSA-6w2r-r2m5-xq5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy |
|
| 37 |
| url |
VCID-wwa5-mhgu-9khz |
| vulnerability_id |
VCID-wwa5-mhgu-9khz |
| summary |
Django denial-of-service in django.utils.html.strip_tags()
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. |
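The failure mode named above, nested incomplete markup that makes a stripper do one pass per nesting level, is easiest to see on a toy. The block below is an added example, not Django's implementation: Django's strip_tags() is built on html.parser rather than this regex, and the exact mechanics of Django's own fix are not on this page. What the toy shows is the shape of the bug (loop until a fixed point, so crafted input costs O(n) passes of O(n) work) and the shape of the mitigation (a ceiling on passes that normal markup never reaches). `MAX_PASSES` is this example's own value.

```python
import re

TAG_LIKE = re.compile(r"<[^<>]*>")   # innermost '<...>' span with no nested brackets
MAX_PASSES = 50                       # this example's ceiling; only hostile input reaches it


class SuspiciousInput(ValueError):
    """Raised instead of spending unbounded CPU on one request."""


def strip_once(value):
    return TAG_LIKE.sub("", value)


def strip_tags_unbounded(value):
    """The vulnerable pattern: strip until nothing changes. Returns (text, passes)."""
    passes = 0
    while "<" in value and ">" in value:
        new_value = strip_once(value)
        passes += 1
        if new_value == value:       # fixed point, nothing left to strip
            break
        value = new_value
    return value, passes


def strip_tags_bounded(value, max_passes=MAX_PASSES):
    """Same loop with a ceiling: depth beyond it is refused, not processed."""
    passes = 0
    while "<" in value and ">" in value:
        if passes >= max_passes:
            raise SuspiciousInput("gave up after %d stripping passes" % passes)
        new_value = strip_once(value)
        passes += 1
        if new_value == value:
            break
        value = new_value
    return value


def is_rejected(value):
    try:
        strip_tags_bounded(value)
    except SuspiciousInput:
        return True
    return False


if __name__ == "__main__":
    hostile = "<" * 2000 + ">" * 2000          # constructed: 2000 nesting levels
    print(strip_tags_unbounded(hostile)[1])    # one pass per level
    print(is_rejected(hostile))
    print(strip_tags_bounded("<p>Hello <b>world</b></p>"))
```

The same input is what to feed a test harness after upgrading to 4.2.17, 5.0.10 or 5.1.4: wall-clock time on the hostile string should be flat, and an application that sanitises untrusted HTML should catch the refusal and return a 400 rather than let it surface as a 500.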
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53907 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77608 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7756 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77541 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77553 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77364 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77371 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7739 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7753 |
| published_at |
2026-05-07T12:55:00Z |
|
| 8 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77503 |
| published_at |
2026-05-05T12:55:00Z |
|
| 9 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77496 |
| published_at |
2026-04-29T12:55:00Z |
|
| 10 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77483 |
| published_at |
2026-04-26T12:55:00Z |
|
| 11 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77477 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77442 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7745 |
| published_at |
2026-04-18T12:55:00Z |
|
| 14 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77452 |
| published_at |
2026-04-16T12:55:00Z |
|
| 15 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77412 |
| published_at |
2026-04-13T12:55:00Z |
|
| 16 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77416 |
| published_at |
2026-04-12T12:55:00Z |
|
| 17 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.77436 |
| published_at |
2026-04-11T12:55:00Z |
|
| 18 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.7741 |
| published_at |
2026-04-09T12:55:00Z |
|
| 19 |
| value |
0.01038 |
| scoring_system |
epss |
| scoring_elements |
0.774 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53907 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.17 |
| purl |
pkg:pypi/django@4.2.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 7 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 10 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 11 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 12 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 13 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 14 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 15 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 16 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 17 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 18 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 19 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 20 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 23 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.17 |
|
| 2 |
| url |
pkg:pypi/django@5.1.4 |
| purl |
pkg:pypi/django@5.1.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 1 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 2 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 5 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 6 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 7 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 8 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 9 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 11 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4 |
|
|
| aliases |
CVE-2024-53907, GHSA-8498-2h75-472j
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wwa5-mhgu-9khz |
|
| 38 |
| url |
VCID-wz1q-1tjp-4qhw |
| vulnerability_id |
VCID-wz1q-1tjp-4qhw |
| summary |
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. |
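A ReDoS driven by a very large number of domain labels is defeated by bounding the input before any pattern runs and by matching labels with a pattern whose cost is linear in the label length. The validator below is an added example, not Django's EmailValidator: the limits are the RFC 5321 sizes (local part 64, domain 255 octets, label 63) plus an overall cap of 320 characters, and the per-label pattern uses only bounded quantifiers over at most 63 characters, so the worst case is a few thousand character comparisons however many labels the attacker sends.

```python
import re

MAX_EMAIL = 320
MAX_LOCAL = 64
MAX_DOMAIN = 255     # also caps the label count at 128 (one-character labels)
MAX_LABEL = 63

# Per-label and local-part patterns: anchored by fullmatch(), bounded
# repetition, no alternation of overlapping groups, so no catastrophic
# backtracking regardless of input.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
LOCAL = re.compile(r"[A-Za-z0-9._%+-]+")


def bounds_ok(value):
    """Reject oversized or mis-shaped input in O(len(value)) before any pattern runs."""
    if not isinstance(value, str) or len(value) > MAX_EMAIL or value.count("@") != 1:
        return False
    local, domain = value.split("@")
    if not 0 < len(local) <= MAX_LOCAL or not 0 < len(domain) <= MAX_DOMAIN:
        return False
    return all(0 < len(label) <= MAX_LABEL for label in domain.split("."))


def is_valid_email(value):
    if not bounds_ok(value):
        return False
    local, domain = value.split("@")
    if LOCAL.fullmatch(local) is None:
        return False
    return all(LABEL.fullmatch(label) is not None for label in domain.split("."))


if __name__ == "__main__":
    # Constructed hostile input: thousands of labels, rejected by length alone.
    many_labels = "user@" + ".".join(["a"] * 5000)
    print(is_valid_email("alice@example.org"))
    print(bounds_ok(many_labels), is_valid_email(many_labels))
```

The ordering is the whole point: length and count checks are cheap and run first, and the regex only ever sees a string that is already known to be small. The same discipline applies to URLValidator-style inputs, where the host part gets the domain bounds above and the overall length gets a cap of its own.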
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-36053 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92959 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92936 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92891 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92928 |
| published_at |
2026-05-11T12:55:00Z |
|
| 4 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92925 |
| published_at |
2026-05-09T12:55:00Z |
|
| 5 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92886 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92884 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92875 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.9287 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92866 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92857 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92859 |
| published_at |
2026-04-04T12:55:00Z |
|
| 12 |
| value |
0.09595 |
| scoring_system |
epss |
| scoring_elements |
0.92856 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.0983 |
| scoring_system |
epss |
| scoring_elements |
0.93 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.0983 |
| scoring_system |
epss |
| scoring_elements |
0.93018 |
| published_at |
2026-05-07T12:55:00Z |
|
| 15 |
| value |
0.0983 |
| scoring_system |
epss |
| scoring_elements |
0.93002 |
| published_at |
2026-05-05T12:55:00Z |
|
| 16 |
| value |
0.0983 |
| scoring_system |
epss |
| scoring_elements |
0.92996 |
| published_at |
2026-04-29T12:55:00Z |
|
| 17 |
| value |
0.0983 |
| scoring_system |
epss |
| scoring_elements |
0.93001 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-36053 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 21 |
| reference_url |
https://www.debian.org/security/2023/dsa-5465 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/ |
|
|
| url |
https://www.debian.org/security/2023/dsa-5465 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.3 |
| purl |
pkg:pypi/django@4.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 6 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 7 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 8 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 9 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 10 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 11 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 12 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 13 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 14 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 15 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 16 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 17 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 18 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 19 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 20 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 21 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 22 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 23 |
| vulnerability |
VCID-jzae-1awh-k7cm |
|
| 24 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 25 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 26 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 27 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 28 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 29 |
| vulnerability |
VCID-q12d-kv8p-8ff7 |
|
| 30 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 31 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 32 |
| vulnerability |
VCID-u3zk-tff2-aua9 |
|
| 33 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 34 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 35 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 36 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 37 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 38 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 39 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 40 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
| 41 |
| vulnerability |
VCID-z27q-zfpz-ckby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.3 |
|
|
| aliases |
BIT-django-2023-36053, CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wz1q-1tjp-4qhw |
|
| 39 |
| url |
VCID-xgv1-s2ek-q3dp |
| vulnerability_id |
VCID-xgv1-s2ek-q3dp |
| summary |
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-26699 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52205 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52125 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.521 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.5214 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52098 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52047 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52102 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52138 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52132 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52185 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52199 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00287 |
| scoring_system |
epss |
| scoring_elements |
0.52203 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81643 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81676 |
| published_at |
2026-04-13T12:55:00Z |
|
| 14 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81682 |
| published_at |
2026-04-12T12:55:00Z |
|
| 15 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81646 |
| published_at |
2026-04-04T12:55:00Z |
|
| 16 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81695 |
| published_at |
2026-04-11T12:55:00Z |
|
| 17 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81624 |
| published_at |
2026-04-02T12:55:00Z |
|
| 18 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.81675 |
| published_at |
2026-04-09T12:55:00Z |
|
| 19 |
| value |
0.01596 |
| scoring_system |
epss |
| scoring_elements |
0.8167 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-26699 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
|
| 1 |
| value |
5.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.20 |
| purl |
pkg:pypi/django@4.2.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 7 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 10 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 11 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 12 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 13 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 14 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 15 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 16 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 17 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 18 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 19 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 21 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.20 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| url |
pkg:pypi/django@5.1.7 |
| purl |
pkg:pypi/django@5.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 1 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 2 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 5 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 6 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7 |
|
| 5 |
| url |
pkg:pypi/django@5.2a1 |
| purl |
pkg:pypi/django@5.2a1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 6 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2a1 |
|
|
| aliases |
BIT-django-2025-26699, CVE-2025-26699, GHSA-p3fp-8748-vqfq, PYSEC-2025-13
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xgv1-s2ek-q3dp |
|
| 40 |
| url |
VCID-xhpa-mffz-syfy |
| vulnerability_id |
VCID-xhpa-mffz-syfy |
| summary |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41990 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.80103 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.80062 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79949 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79917 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79925 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79941 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79921 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79912 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79884 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79896 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79875 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.80046 |
| published_at |
2026-05-11T12:55:00Z |
|
| 12 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.80049 |
| published_at |
2026-05-09T12:55:00Z |
|
| 13 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.80035 |
| published_at |
2026-05-07T12:55:00Z |
|
| 14 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.80012 |
| published_at |
2026-05-05T12:55:00Z |
|
| 15 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.8 |
| published_at |
2026-04-29T12:55:00Z |
|
| 16 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79983 |
| published_at |
2026-04-26T12:55:00Z |
|
| 17 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79978 |
| published_at |
2026-04-24T12:55:00Z |
|
| 18 |
| value |
0.01326 |
| scoring_system |
epss |
| scoring_elements |
0.79946 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-41990 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T15:20:51Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.15 |
| purl |
pkg:pypi/django@4.2.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 8 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 11 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 14 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 15 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 16 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 17 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 18 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 19 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 20 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 21 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 22 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 23 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 24 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 27 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 28 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15 |
|
| 1 |
| url |
pkg:pypi/django@5.0.8 |
| purl |
pkg:pypi/django@5.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 5 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 6 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 7 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 8 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 9 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 10 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 11 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8 |
|
|
| aliases |
BIT-django-2024-41990, CVE-2024-41990, GHSA-795c-9xpc-xw6g, PYSEC-2024-68
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xhpa-mffz-syfy |
|
| 41 |
| url |
VCID-ysyp-h7ja-yff3 |
| vulnerability_id |
VCID-ysyp-h7ja-yff3 |
| summary |
Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
Raster lookups on ``RasterField`` (only implemented on PostGIS) allow remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1207 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03841 |
| scoring_system |
epss |
| scoring_elements |
0.88146 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.03841 |
| scoring_system |
epss |
| scoring_elements |
0.88188 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.03841 |
| scoring_system |
epss |
| scoring_elements |
0.88178 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.03841 |
| scoring_system |
epss |
| scoring_elements |
0.88172 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.03841 |
| scoring_system |
epss |
| scoring_elements |
0.88153 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.04424 |
| scoring_system |
epss |
| scoring_elements |
0.8907 |
| published_at |
2026-04-29T12:55:00Z |
|
| 6 |
| value |
0.04424 |
| scoring_system |
epss |
| scoring_elements |
0.89037 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.04424 |
| scoring_system |
epss |
| scoring_elements |
0.89035 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.04424 |
| scoring_system |
epss |
| scoring_elements |
0.89068 |
| published_at |
2026-04-26T12:55:00Z |
|
| 9 |
| value |
0.04424 |
| scoring_system |
epss |
| scoring_elements |
0.89061 |
| published_at |
2026-04-24T12:55:00Z |
|
| 10 |
| value |
0.04424 |
| scoring_system |
epss |
| scoring_elements |
0.89043 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.04424 |
| scoring_system |
epss |
| scoring_elements |
0.89048 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.05126 |
| scoring_system |
epss |
| scoring_elements |
0.8982 |
| published_at |
2026-04-02T12:55:00Z |
|
| 13 |
| value |
0.05295 |
| scoring_system |
epss |
| scoring_elements |
0.90088 |
| published_at |
2026-05-09T12:55:00Z |
|
| 14 |
| value |
0.05295 |
| scoring_system |
epss |
| scoring_elements |
0.90061 |
| published_at |
2026-05-05T12:55:00Z |
|
| 15 |
| value |
0.05295 |
| scoring_system |
epss |
| scoring_elements |
0.90107 |
| published_at |
2026-05-14T12:55:00Z |
|
| 16 |
| value |
0.05295 |
| scoring_system |
epss |
| scoring_elements |
0.90093 |
| published_at |
2026-05-12T12:55:00Z |
|
| 17 |
| value |
0.05295 |
| scoring_system |
epss |
| scoring_elements |
0.90076 |
| published_at |
2026-05-07T12:55:00Z |
|
| 18 |
| value |
0.05295 |
| scoring_system |
epss |
| scoring_elements |
0.90084 |
| published_at |
2026-05-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1207 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-1207, GHSA-mwm9-4648-f68q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ysyp-h7ja-yff3 |
|
| 42 |
| url |
VCID-z27q-zfpz-ckby |
| vulnerability_id |
VCID-z27q-zfpz-ckby |
| summary |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39330 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40108 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40041 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40017 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40113 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40096 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40028 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40168 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40248 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40261 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.4037 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40445 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40454 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40402 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.4048 |
| published_at |
2026-04-04T12:55:00Z |
|
| 14 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40476 |
| published_at |
2026-04-16T12:55:00Z |
|
| 15 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40429 |
| published_at |
2026-04-13T12:55:00Z |
|
| 16 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40448 |
| published_at |
2026-04-12T12:55:00Z |
|
| 17 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40486 |
| published_at |
2026-04-11T12:55:00Z |
|
| 18 |
| value |
0.00186 |
| scoring_system |
epss |
| scoring_elements |
0.40465 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-39330 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.14 |
| purl |
pkg:pypi/django@4.2.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1adz-zw3h-pqek |
|
| 1 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 2 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 3 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 4 |
| vulnerability |
VCID-46pv-pzsu-jucd |
|
| 5 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 9 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 10 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 12 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 15 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 16 |
| vulnerability |
VCID-ff2a-at5f-2qa8 |
|
| 17 |
| vulnerability |
VCID-gfym-spzk-w7gk |
|
| 18 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 19 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 20 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 21 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 22 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 23 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 24 |
| vulnerability |
VCID-ssut-reka-r3f8 |
|
| 25 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 26 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 27 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 28 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 29 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 30 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 31 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
| 32 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14 |
|
| 1 |
| url |
pkg:pypi/django@5.0.7 |
| purl |
pkg:pypi/django@5.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-7tph-k8q2-bue2 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-m91a-6235-nye9 |
|
| 8 |
| vulnerability |
VCID-mga4-an1w-qqf9 |
|
| 9 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 10 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 11 |
| vulnerability |
VCID-v1xr-z4zu-yfb4 |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 14 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 15 |
| vulnerability |
VCID-xhpa-mffz-syfy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7 |
|
|
| aliases |
BIT-django-2024-39330, CVE-2024-39330, GHSA-9jmf-237g-qf46, PYSEC-2024-58
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z27q-zfpz-ckby |
|
|