{"url":"http://public2.vulnerablecode.io/api/packages/3855?format=json","purl":"pkg:pypi/django@1.8rc1","type":"pypi","namespace":"","name":"django","version":"1.8rc1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.2.29","latest_non_vulnerable_version":"6.0.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5499?format=json","vulnerability_id":"VCID-325d-7dfk-sqd2","summary":"The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0502.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0502.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0504.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0504.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0505.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0505.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0506.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0506.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2513.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2513","reference_id":"","reference_type":"","scores":[{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79331","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79333","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79298","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79312","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79288","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79282","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79342","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0125","scoring_system":"epss","scoring_elements":"0.79357","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2513"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab"},{"reference_url":"https://github.com/django/django/commit/af7d09b0c5c6ab68e629fd9baf736f9dd203b18e","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/af7d09b0c5c6ab68e629fd9baf736f9dd203b18e"},{"reference_url":"https://github.com/django/django/commit/f4e6e02f7713a6924d16540be279909ff4091eb6","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f4e6e02f7713a6924d16540be279909ff4091eb6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-16.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-16.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2513","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"},{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2513"},{"reference_url":"https://web.archive.org/web/20160322001143/http://www.securitytracker.com/id/1035152","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160322001143/http://www.securitytracker.com/id/1035152"},{"reference_url":"https://web.archive.org/web/20200228001222/http://www.securityfocus.com/bid/83878","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228001222/http://www.securityfocus.com/bid/83878"},{"reference_url":"https://www.djangoproject.com/weblog/2016/mar/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2016/mar/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2016/mar/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2016/mar/01/security-releases/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3544","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3544"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"http://www.securityfocus.com/bid/83878","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/83878"},{"reference_url":"http://www.securitytracker.com/id/1035152","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035152"},{"reference_url":"http://www.ubuntu.com/usn/USN-2915-1","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2915-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2915-2","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2915-2"},{"reference_url":"http://www.ubuntu.com/usn/USN-2915-3","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2915-3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311438","reference_id":"1311438","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311438"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816434","reference_id":"816434","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816434"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-fp6p-5xvw-m74f","reference_id":"GHSA-fp6p-5xvw-m74f","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fp6p-5xvw-m74f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0502","reference_id":"RHSA-2016:0502","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0503","reference_id":"RHSA-2016:0503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0504","reference_id":"RHSA-2016:0504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0504"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0505","reference_id":"RHSA-2016:0505","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0506","reference_id":"RHSA-2016:0506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0506"},{"reference_url":"https://usn.ubuntu.com/2915-1/","reference_id":"USN-2915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4186?format=json","purl":"pkg:pypi/django@1.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x4ev-6zjm-sbe4"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10"},{"url":"http://public2.vulnerablecode.io/api/packages/4187?format=json","purl":"pkg:pypi/django@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x4ev-6zjm-sbe4"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3"}],"aliases":["CVE-2016-2513","GHSA-fp6p-5xvw-m74f","PYSEC-2016-16"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-325d-7dfk-sqd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5988?format=json","vulnerability_id":"VCID-8jaq-53td-wbeg","summary":"Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)","references":[{"reference_url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19844","reference_id":"","reference_type":"","scores":[{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94298","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94329","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94328","published_at":"2026-04-11T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94324","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9432","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.9431","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13973","scoring_system":"epss","scoring_elements":"0.94309","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26"},{"reference_url":"https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e"},{"reference_url":"https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70"},{"reference_url":"https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19844","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19844"},{"reference_url":"https://seclists.org/bugtraq/2020/Jan/9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2020/Jan/9"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200110-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200110-0003/"},{"reference_url":"https://usn.ubuntu.com/4224-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4224-1"},{"reference_url":"https://usn.ubuntu.com/4224-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4224-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4598","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4598"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788425","reference_id":"1788425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788425"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937","reference_id":"946937","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937"},{"reference_url":"https://security.archlinux.org/AVG-1080","reference_id":"AVG-1080","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1080"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md","reference_id":"CVE-2019-19844","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md"},{"reference_url":"https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/","reference_id":"CVE-2019-19844","reference_type":"exploit","scores":[],"url":"https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/"},{"reference_url":"https://usn.ubuntu.com/6722-1/","reference_id":"USN-6722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6722-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9783?format=json","purl":"pkg:pypi/django@1.11.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wb34-g6xq-rkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27"},{"url":"http://public2.vulnerablecode.io/api/packages/9784?format=json","purl":"pkg:pypi/django@2.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/10025?format=json","purl":"pkg:pypi/django@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-gan1-9gwu-63d2"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.1"}],"aliases":["CVE-2019-19844","GHSA-vfq6-hq5r-27r6","PYSEC-2019-16"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jaq-53td-wbeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5520?format=json","vulnerability_id":"VCID-8teq-9xr9-q3fg","summary":"The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2038.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2038.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2039.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2039.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2040.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2040.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2041.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2041.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2042.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2042.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2043.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2043.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7401.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7401","reference_id":"","reference_type":"","scores":[{"value":"0.04378","scoring_system":"epss","scoring_elements":"0.88978","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04378","scoring_system":"epss","scoring_elements":"0.88922","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04378","scoring_system":"epss","scoring_elements":"0.8893","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04378","scoring_system":"epss","scoring_elements":"0.88947","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04378","scoring_system":"epss","scoring_elements":"0.88949","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04378","scoring_system":"epss","scoring_elements":"0.88968","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04378","scoring_system":"epss","scoring_elements":"0.88973","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04378","scoring_system":"epss","scoring_elements":"0.88985","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04378","scoring_system":"epss","scoring_elements":"0.8898","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7401"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a"},{"reference_url":"https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735"},{"reference_url":"https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml"},{"reference_url":"https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182"},{"reference_url":"https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899"},{"reference_url":"https://www.djangoproject.com/weblog/2016/sep/26/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2016/sep/26/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2016/sep/26/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2016/sep/26/security-releases/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3678","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3678"},{"reference_url":"http://www.securityfocus.com/bid/93182","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93182"},{"reference_url":"http://www.securitytracker.com/id/1036899","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036899"},{"reference_url":"http://www.ubuntu.com/usn/USN-3089-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-3089-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377376","reference_id":"1377376","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377376"},{"reference_url":"https://security.archlinux.org/ASA-201610-13","reference_id":"ASA-201610-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201610-13"},{"reference_url":"https://security.archlinux.org/AVG-35","reference_id":"AVG-35","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-35"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7401","reference_id":"CVE-2016-7401","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7401"},{"reference_url":"https://github.com/advisories/GHSA-crhm-qpjc-cm64","reference_id":"GHSA-crhm-qpjc-cm64","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crhm-qpjc-cm64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2038","reference_id":"RHSA-2016:2038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2039","reference_id":"RHSA-2016:2039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2039"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2040","reference_id":"RHSA-2016:2040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2041","reference_id":"RHSA-2016:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2042","reference_id":"RHSA-2016:2042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2043","reference_id":"RHSA-2016:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2043"},{"reference_url":"https://usn.ubuntu.com/3089-1/","reference_id":"USN-3089-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3089-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4487?format=json","purl":"pkg:pypi/django@1.8.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.15"},{"url":"http://public2.vulnerablecode.io/api/packages/4488?format=json","purl":"pkg:pypi/django@1.9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.10"}],"aliases":["CVE-2016-7401","GHSA-crhm-qpjc-cm64","PYSEC-2016-3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8teq-9xr9-q3fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5527?format=json","vulnerability_id":"VCID-k6s1-gnmc-e3ed","summary":"Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9014.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9014.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9014","reference_id":"","reference_type":"","scores":[{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86685","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86692","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86695","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86681","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86671","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86652","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86653","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86634","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86622","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/45acd6d836895a4c36575f48b3fb36a3dae98d19","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/45acd6d836895a4c36575f48b3fb36a3dae98d19"},{"reference_url":"https://github.com/django/django/commit/884e113838e5a72b4b0ec9e5e87aa480f6aa4472","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/884e113838e5a72b4b0ec9e5e87aa480f6aa4472"},{"reference_url":"https://github.com/django/django/commit/c401ae9a7dfb1a94a8a61927ed541d6f93089587","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c401ae9a7dfb1a94a8a61927ed541d6f93089587"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-18.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-18.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9014","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9014"},{"reference_url":"https://web.archive.org/web/20210123185619/http://www.securityfocus.com/bid/94068","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123185619/http://www.securityfocus.com/bid/94068"},{"reference_url":"https://web.archive.org/web/20211204043252/http://www.securitytracker.com/id/1037159","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211204043252/http://www.securitytracker.com/id/1037159"},{"reference_url":"https://www.djangoproject.com/weblog/2016/nov/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2016/nov/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2016/nov/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2016/nov/01/security-releases/"},{"reference_url":"http://www.debian.org/security/2017/dsa-3835","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2017/dsa-3835"},{"reference_url":"http://www.securityfocus.com/bid/94068","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94068"},{"reference_url":"http://www.securitytracker.com/id/1037159","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037159"},{"reference_url":"http://www.ubuntu.com/usn/USN-3115-1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-3115-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1389417","reference_id":"1389417","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1389417"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842856","reference_id":"842856","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842856"},{"reference_url":"https://security.archlinux.org/ASA-201611-15","reference_id":"ASA-201611-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-15"},{"reference_url":"https://security.archlinux.org/AVG-57","reference_id":"AVG-57","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-57"},{"reference_url":"https://github.com/advisories/GHSA-3f2c-jm6v-cr35","reference_id":"GHSA-3f2c-jm6v-cr35","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3f2c-jm6v-cr35"},{"reference_url":"https://usn.ubuntu.com/3115-1/","reference_id":"USN-3115-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3115-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4504?format=json","purl":"pkg:pypi/django@1.8.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16"},{"url":"http://public2.vulnerablecode.io/api/packages/4505?format=json","purl":"pkg:pypi/django@1.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/4506?format=json","purl":"pkg:pypi/django@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3"}],"aliases":["CVE-2016-9014","GHSA-3f2c-jm6v-cr35","PYSEC-2016-18"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6s1-gnmc-e3ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6472?format=json","vulnerability_id":"VCID-qm34-ec8s-tfd7","summary":"Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33203","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55629","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55646","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55666","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55657","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55654","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55489","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55603","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55625","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.556","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/3.2/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90"},{"reference_url":"https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f"},{"reference_url":"https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33203","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33203"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210727-0004","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210727-0004"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966251","reference_id":"1966251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966251"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394","reference_id":"989394","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"},{"reference_url":"https://security.gentoo.org/glsa/202509-03","reference_id":"GLSA-202509-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3490","reference_id":"RHSA-2021:3490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5070","reference_id":"RHSA-2021:5070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5070"},{"reference_url":"https://usn.ubuntu.com/4975-1/","reference_id":"USN-4975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4975-1/"},{"reference_url":"https://usn.ubuntu.com/4975-2/","reference_id":"USN-4975-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4975-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17548?format=json","purl":"pkg:pypi/django@2.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24"},{"url":"http://public2.vulnerablecode.io/api/packages/17549?format=json","purl":"pkg:pypi/django@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-gan1-9gwu-63d2"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/17550?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42x9-8c3c-bug1"},{"vulnerability":"VCID-4ztz-fq98-5fh1"},{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-78r4-85ms-63hm"},{"vulnerability":"VCID-7tca-pgcs-cuhd"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8m4b-y4va-kqgm"},{"vulnerability":"VCID-8xgs-8xjr-cber"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-gan1-9gwu-63d2"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-jh1e-72hp-fuf4"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-nese-5485-hkbs"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-t6uc-dfrd-jyfg"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wz1q-1tjp-4qhw"},{"vulnerability":"VCID-ypub-ukuh-p3aw"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["BIT-django-2021-33203","CVE-2021-33203","GHSA-68w8-qjq3-2gfm","PYSEC-2021-98"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm34-ec8s-tfd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5498?format=json","vulnerability_id":"VCID-ukxp-wqpr-t3by","summary":"The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\\@attacker.com.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0502.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0502.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0504.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0504.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0505.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0505.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0506.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0506.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2512.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2512.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2512","reference_id":"","reference_type":"","scores":[{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78945","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.7896","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78931","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78906","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78923","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78895","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78888","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78935","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2513"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/382ab137312961ad62feb8109d70a5a581fe8350","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/382ab137312961ad62feb8109d70a5a581fe8350"},{"reference_url":"https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0"},{"reference_url":"https://github.com/django/django/commit/fc6d147a63f89795dbcdecb0559256470fff4380","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/fc6d147a63f89795dbcdecb0559256470fff4380"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-15.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-15.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2512","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2512"},{"reference_url":"https://web.archive.org/web/20210123090815/http://www.securityfocus.com/bid/83879","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123090815/http://www.securityfocus.com/bid/83879"},{"reference_url":"https://web.archive.org/web/20210413200202/http://www.securitytracker.com/id/1035152","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210413200202/http://www.securitytracker.com/id/1035152"},{"reference_url":"https://www.djangoproject.com/weblog/2016/mar/01/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2016/mar/01/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2016/mar/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2016/mar/01/security-releases/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3544","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3544"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"http://www.securityfocus.com/bid/83879","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/83879"},{"reference_url":"http://www.securitytracker.com/id/1035152","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035152"},{"reference_url":"http://www.ubuntu.com/usn/USN-2915-1","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2915-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2915-2","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2915-2"},{"reference_url":"http://www.ubuntu.com/usn/USN-2915-3","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2915-3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311431","reference_id":"1311431","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311431"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816434","reference_id":"816434","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816434"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-pw27-w7w4-9qc7","reference_id":"GHSA-pw27-w7w4-9qc7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pw27-w7w4-9qc7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0502","reference_id":"RHSA-2016:0502","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0503","reference_id":"RHSA-2016:0503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0504","reference_id":"RHSA-2016:0504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0504"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0505","reference_id":"RHSA-2016:0505","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0506","reference_id":"RHSA-2016:0506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0506"},{"reference_url":"https://usn.ubuntu.com/2915-1/","reference_id":"USN-2915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4186?format=json","purl":"pkg:pypi/django@1.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x4ev-6zjm-sbe4"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.10"},{"url":"http://public2.vulnerablecode.io/api/packages/4187?format=json","purl":"pkg:pypi/django@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x4ev-6zjm-sbe4"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.3"}],"aliases":["CVE-2016-2512","GHSA-pw27-w7w4-9qc7","PYSEC-2016-15"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukxp-wqpr-t3by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5515?format=json","vulnerability_id":"VCID-x4ev-6zjm-sbe4","summary":"Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.","references":[{"reference_url":"http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1594.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1594.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1595.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1595.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1596.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1596.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6186.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6186","reference_id":"","reference_type":"","scores":[{"value":"0.13095","scoring_system":"epss","scoring_elements":"0.94081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13095","scoring_system":"epss","scoring_elements":"0.94113","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13095","scoring_system":"epss","scoring_elements":"0.94112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13095","scoring_system":"epss","scoring_elements":"0.94107","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13095","scoring_system":"epss","scoring_elements":"0.94071","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13095","scoring_system":"epss","scoring_elements":"0.94103","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13095","scoring_system":"epss","scoring_elements":"0.94095","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13095","scoring_system":"epss","scoring_elements":"0.94091","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6186"},{"reference_url":"http://seclists.org/fulldisclosure/2016/Jul/53","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2016/Jul/53"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1"},{"reference_url":"https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158"},{"reference_url":"https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/"},{"reference_url":"https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058"},{"reference_url":"https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338"},{"reference_url":"https://www.djangoproject.com/weblog/2016/jul/18/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2016/jul/18/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2016/jul/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2016/jul/18/security-releases/"},{"reference_url":"https://www.exploit-db.com/exploits/40129","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/40129"},{"reference_url":"https://www.exploit-db.com/exploits/40129/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/40129/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3622","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3622"},{"reference_url":"http://www.securityfocus.com/archive/1/538947/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/538947/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/92058","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92058"},{"reference_url":"http://www.securitytracker.com/id/1036338","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036338"},{"reference_url":"http://www.ubuntu.com/usn/USN-3039-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-3039-1"},{"reference_url":"http://www.vulnerability-lab.com/get_content.php?id=1869","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vulnerability-lab.com/get_content.php?id=1869"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1355663","reference_id":"1355663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1355663"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831799","reference_id":"831799","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831799"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10:alpha1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.10:alpha1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10:alpha1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.10:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/40129.txt","reference_id":"CVE-2016-6186","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/40129.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6186","reference_id":"CVE-2016-6186","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6186"},{"reference_url":"https://www.vulnerability-lab.com/get_content.php?id=1869","reference_id":"CVE-2016-6186","reference_type":"exploit","scores":[],"url":"https://www.vulnerability-lab.com/get_content.php?id=1869"},{"reference_url":"https://github.com/advisories/GHSA-c8c8-9472-w52h","reference_id":"GHSA-c8c8-9472-w52h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c8c8-9472-w52h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1594","reference_id":"RHSA-2016:1594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1595","reference_id":"RHSA-2016:1595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1596","reference_id":"RHSA-2016:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1596"},{"reference_url":"https://usn.ubuntu.com/3039-1/","reference_id":"USN-3039-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3039-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4302?format=json","purl":"pkg:pypi/django@1.8.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-jae8-w85w-cyfu"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-mv1p-yxvp-pbh6"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.14"},{"url":"http://public2.vulnerablecode.io/api/packages/4303?format=json","purl":"pkg:pypi/django@1.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-k25u-g17y-hyfh"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.8"},{"url":"http://public2.vulnerablecode.io/api/packages/4304?format=json","purl":"pkg:pypi/django@1.10rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-438j-ce4y-zkan"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-bdms-nb18-guf9"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-uk1w-hehw-dyda"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x516-xwze-6ba3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10rc1"}],"aliases":["CVE-2016-6186","GHSA-c8c8-9472-w52h","PYSEC-2016-2"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4ev-6zjm-sbe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90613?format=json","vulnerability_id":"VCID-x516-xwze-6ba3","summary":"Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)","references":[{"reference_url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/"},{"reference_url":"https://seclists.org/bugtraq/2020/Jan/9","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2020/Jan/9"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200110-0003/"},{"reference_url":"https://usn.ubuntu.com/4224-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4224-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4598","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4598"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9783?format=json","purl":"pkg:pypi/django@1.11.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-wb34-g6xq-rkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27"},{"url":"http://public2.vulnerablecode.io/api/packages/9784?format=json","purl":"pkg:pypi/django@2.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-66w1-4zku-gyfp"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-9k9t-vp1a-z7bt"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-c8s7-3g9m-d3cw"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-gp5e-nguh-5fdk"},{"vulnerability":"VCID-hwa2-n7a2-pyg1"},{"vulnerability":"VCID-j4br-4y39-s3gs"},{"vulnerability":"VCID-kypj-ptb9-8qhz"},{"vulnerability":"VCID-mmay-juu6-5ua9"},{"vulnerability":"VCID-mzdk-m12w-q3fc"},{"vulnerability":"VCID-pa75-6avj-duf7"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-th9v-dk98-3kea"},{"vulnerability":"VCID-u7m5-tzv2-c7hn"},{"vulnerability":"VCID-ume2-wt6y-jye7"},{"vulnerability":"VCID-upy5-adtx-n7hg"},{"vulnerability":"VCID-v4ad-xxy8-wfc9"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-w6k8-js68-87g4"},{"vulnerability":"VCID-wb34-g6xq-rkfx"},{"vulnerability":"VCID-wkrc-62bd-bbgx"},{"vulnerability":"VCID-z8z1-cjee-kfeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9"}],"aliases":["PYSEC-2019-86"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x516-xwze-6ba3"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8rc1"}