Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/39590?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/39590?format=api", "purl": "pkg:pypi/django@5.0.2", "type": "pypi", "namespace": "", "name": "django", "version": "5.0.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.0.14", "latest_non_vulnerable_version": "6.0.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36951?format=api", "vulnerability_id": "VCID-2ft7-rbey-kuhx", "summary": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44199?format=api", "purl": "pkg:pypi/django@5.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/44198?format=api", "purl": "pkg:pypi/django@5.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4" } ], "aliases": [ "CVE-2024-53908", "PYSEC-2024-157" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft7-rbey-kuhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36828?format=api", "vulnerability_id": "VCID-9gq3-whr8-s7b8", "summary": "An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41843?format=api", "purl": "pkg:pypi/django@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-xcmd-18ck-gqae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7" } ], "aliases": [ "CVE-2024-38875", "PYSEC-2024-56" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gq3-whr8-s7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36847?format=api", "vulnerability_id": "VCID-e12b-tw2c-53c9", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42126?format=api", "purl": "pkg:pypi/django@5.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-ud73-4t2c-n3at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8" } ], "aliases": [ "CVE-2024-41991", "PYSEC-2024-69" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e12b-tw2c-53c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36827?format=api", "vulnerability_id": "VCID-e8j6-mybr-17fh", "summary": "An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41843?format=api", "purl": "pkg:pypi/django@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-xcmd-18ck-gqae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7" } ], "aliases": [ "CVE-2024-39330", "PYSEC-2024-58" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8j6-mybr-17fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36753?format=api", "vulnerability_id": "VCID-fsaw-3ta1-x3dw", "summary": "In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/5.0/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/5.0/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521" }, { "reference_url": "https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e" }, { "reference_url": "https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27351", "reference_id": "CVE-2024-27351", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27351" }, { "reference_url": "https://github.com/advisories/GHSA-vm8q-m57g-pff3", "reference_id": "GHSA-vm8q-m57g-pff3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vm8q-m57g-pff3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40667?format=api", "purl": "pkg:pypi/django@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-xcmd-18ck-gqae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.3" } ], "aliases": [ "CVE-2024-27351", "GHSA-vm8q-m57g-pff3", "PYSEC-2024-47" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36884?format=api", "vulnerability_id": "VCID-hsjn-xnpp-5yeh", "summary": "An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43562?format=api", "purl": "pkg:pypi/django@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-ud73-4t2c-n3at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/43561?format=api", "purl": "pkg:pypi/django@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1" } ], "aliases": [ "CVE-2024-45230", "PYSEC-2024-102" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsjn-xnpp-5yeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36849?format=api", "vulnerability_id": "VCID-jgv9-vdbm-sycd", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42126?format=api", "purl": "pkg:pypi/django@5.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-ud73-4t2c-n3at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8" } ], "aliases": [ "CVE-2024-41989", "PYSEC-2024-67" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgv9-vdbm-sycd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36958?format=api", "vulnerability_id": "VCID-pa7y-gpwp-6qgj", "summary": "An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/01/14/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2025/01/14/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44333?format=api", "purl": "pkg:pypi/django@5.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/44332?format=api", "purl": "pkg:pypi/django@5.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5" } ], "aliases": [ "CVE-2024-56374", "PYSEC-2025-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37034?format=api", "vulnerability_id": "VCID-qw15-2kq7-wqed", "summary": "An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/apr/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2025/apr/02/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/04/02/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2025/04/02/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44735?format=api", "purl": "pkg:pypi/django@5.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/44734?format=api", "purl": "pkg:pypi/django@5.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8" } ], "aliases": [ "CVE-2025-27556", "PYSEC-2025-14" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qw15-2kq7-wqed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36984?format=api", "vulnerability_id": "VCID-qy1a-x3ff-4bc8", "summary": "An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/03/06/12", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2025/03/06/12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44602?format=api", "purl": "pkg:pypi/django@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qw15-2kq7-wqed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/44601?format=api", "purl": "pkg:pypi/django@5.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7" } ], "aliases": [ "CVE-2025-26699", "PYSEC-2025-13" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36848?format=api", "vulnerability_id": "VCID-rqqc-ta7c-ykgx", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42126?format=api", "purl": "pkg:pypi/django@5.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-ud73-4t2c-n3at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8" } ], "aliases": [ "CVE-2024-41990", "PYSEC-2024-68" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqqc-ta7c-ykgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36826?format=api", "vulnerability_id": "VCID-s1rj-1xbw-fbg5", "summary": "An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41843?format=api", "purl": "pkg:pypi/django@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-xcmd-18ck-gqae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7" } ], "aliases": [ "CVE-2024-39614", "PYSEC-2024-59" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1rj-1xbw-fbg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36950?format=api", "vulnerability_id": "VCID-ud73-4t2c-n3at", "summary": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44199?format=api", "purl": "pkg:pypi/django@5.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/44198?format=api", "purl": "pkg:pypi/django@5.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4" } ], "aliases": [ "CVE-2024-53907", "PYSEC-2024-156" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36829?format=api", "vulnerability_id": "VCID-vgq9-s6th-yufg", "summary": "An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41843?format=api", "purl": "pkg:pypi/django@5.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-xcmd-18ck-gqae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7" } ], "aliases": [ "CVE-2024-39329", "PYSEC-2024-57" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgq9-s6th-yufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36850?format=api", "vulnerability_id": "VCID-xcmd-18ck-gqae", "summary": "An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42126?format=api", "purl": "pkg:pypi/django@5.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-ud73-4t2c-n3at" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8" } ], "aliases": [ "CVE-2024-42005", "PYSEC-2024-70" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmd-18ck-gqae" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36720?format=api", "vulnerability_id": "VCID-yuda-1mur-8bbq", "summary": "An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.", "references": [ { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/5.0/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/5.0/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/5.0/releases/security/" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc" }, { "reference_url": "https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9" }, { "reference_url": "https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2" }, { "reference_url": "https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24680", "reference_id": "CVE-2024-24680", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24680" }, { "reference_url": "https://github.com/advisories/GHSA-xxj9-f6rv-m3x4", "reference_id": "GHSA-xxj9-f6rv-m3x4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xxj9-f6rv-m3x4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39588?format=api", "purl": "pkg:pypi/django@3.2.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsaw-3ta1-x3dw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/39589?format=api", "purl": "pkg:pypi/django@4.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-4kcg-gx5y-cuaw" }, { "vulnerability": "VCID-5xtt-au84-zbb2" }, { "vulnerability": "VCID-7c5n-nzwk-v7bz" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-9kvc-1bdz-n3bd" }, { "vulnerability": "VCID-bb8b-hq41-s7a6" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-fcg9-xypn-ykhf" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-ga69-9y5g-77c3" }, { "vulnerability": "VCID-ga7z-wj4j-63h1" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-jybd-p65h-xffy" }, { "vulnerability": "VCID-kxdd-yzp3-r7cb" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-phkp-9abp-f3dq" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-r1vx-vv7d-gqaj" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-shch-yusm-1uck" }, { "vulnerability": "VCID-shjc-2j68-2yfy" }, { "vulnerability": "VCID-tktt-vg92-6kae" }, { "vulnerability": "VCID-tuqc-c251-h7ds" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-wa3g-27sx-mbcw" }, { "vulnerability": "VCID-whgc-pt2s-77ar" }, { "vulnerability": "VCID-xcmd-18ck-gqae" }, { "vulnerability": "VCID-ynt9-h6ww-h7e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/39590?format=api", "purl": "pkg:pypi/django@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ft7-rbey-kuhx" }, { "vulnerability": "VCID-9gq3-whr8-s7b8" }, { "vulnerability": "VCID-e12b-tw2c-53c9" }, { "vulnerability": "VCID-e8j6-mybr-17fh" }, { "vulnerability": "VCID-fsaw-3ta1-x3dw" }, { "vulnerability": "VCID-hsjn-xnpp-5yeh" }, { "vulnerability": "VCID-jgv9-vdbm-sycd" }, { "vulnerability": "VCID-pa7y-gpwp-6qgj" }, { "vulnerability": "VCID-qw15-2kq7-wqed" }, { "vulnerability": "VCID-qy1a-x3ff-4bc8" }, { "vulnerability": "VCID-rqqc-ta7c-ykgx" }, { "vulnerability": "VCID-s1rj-1xbw-fbg5" }, { "vulnerability": "VCID-ud73-4t2c-n3at" }, { "vulnerability": "VCID-vgq9-s6th-yufg" }, { "vulnerability": "VCID-xcmd-18ck-gqae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2" } ], "aliases": [ "CVE-2024-24680", "GHSA-xxj9-f6rv-m3x4", "PYSEC-2024-28" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuda-1mur-8bbq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.2" }