{"url":"http://public2.vulnerablecode.io/api/packages/410627?format=json","purl":"pkg:pypi/django-sql-explorer@0.9.2","type":"pypi","namespace":"","name":"django-sql-explorer","version":"0.9.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.1","latest_non_vulnerable_version":"1.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361852?format=json","vulnerability_id":"VCID-e2f3-h83b-wqdf","summary":"This package is vulnerable to Cross-Site Scripting (XSS) attacks. The autoescaping method was disabled by default, allowing an attacker to alter database values.","references":[{"reference_url":"https://github.com/groveco/django-sql-explorer/commit/adb3bf8b12350e875b02db43409ca07c7368f576","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/groveco/django-sql-explorer/commit/adb3bf8b12350e875b02db43409ca07c7368f576"},{"reference_url":"https://github.com/groveco/django-sql-explorer/issues/267","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/groveco/django-sql-explorer/issues/267"},{"reference_url":"https://github.com/groveco/django-sql-explorer/pull/286","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/groveco/django-sql-explorer/pull/286"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388748?format=json","purl":"pkg:pypi/django-sql-explorer@1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django-sql-explorer@1.1"}],"aliases":["GMS-2016-94"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2f3-h83b-wqdf"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django-sql-explorer@0.9.2"}