Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/py3-django@3.2.14-r0?arch=x86_64&distroversion=edge&reponame=community

Type apk

Namespace alpine

Name py3-django

Version 3.2.14-r0

Qualifiers

arch	x86_64
distroversion	edge
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.2.15-r0

Latest_non_vulnerable_version 5.2.13-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-t6uc-dfrd-jyfg

vulnerability_id VCID-t6uc-dfrd-jyfg

summary An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34265.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34265.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34265

reference_id

reference_type

scores

value	0.92834
scoring_system	epss
scoring_elements	0.99764
published_at	2026-04-09T12:55:00Z

value	0.92834
scoring_system	epss
scoring_elements	0.99763
published_at	2026-04-13T12:55:00Z

value	0.92834
scoring_system	epss
scoring_elements	0.99762
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34265

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323

reference_url

https://docs.djangoproject.com/en/4.0/releases/security

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/4.0/releases/security

reference_url	https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/4.0/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-p64x-8rxx-wf6q

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-p64x-8rxx-wf6q

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492

reference_url

https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db

reference_url

https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9

reference_url

https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml

reference_url

https://groups.google.com/forum/#!forum/django-announce

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/django-announce

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34265

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34265

reference_url

https://security.netapp.com/advisory/ntap-20220818-0006

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220818-0006

reference_url

https://www.debian.org/security/2022/dsa-5254

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5254

reference_url

https://www.djangoproject.com/weblog/2022/jul/04/security-releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2022/jul/04/security-releases

reference_url	https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2022/jul/04/security-releases/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014541
reference_id	1014541
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014541

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2102896
reference_id	2102896
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2102896

reference_url

https://security.archlinux.org/AVG-2788

reference_id

AVG-2788

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2788

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://access.redhat.com/errata/RHSA-2022:5738
reference_id	RHSA-2022:5738
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5738

reference_url	https://access.redhat.com/errata/RHSA-2022:8506
reference_id	RHSA-2022:8506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8506

reference_url	https://usn.ubuntu.com/5501-1/
reference_id	USN-5501-1
reference_type
scores
url	https://usn.ubuntu.com/5501-1/

fixed_packages

url	pkg:apk/alpine/py3-django@3.2.14-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/py3-django@3.2.14-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-django@3.2.14-r0%3Farch=x86_64&distroversion=edge&reponame=community

aliases BIT-django-2022-34265, CVE-2022-34265, GHSA-p64x-8rxx-wf6q, PYSEC-2022-213

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t6uc-dfrd-jyfg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-django@3.2.14-r0%3Farch=x86_64&distroversion=edge&reponame=community

Package Instance