{"url":"http://public2.vulnerablecode.io/api/packages/41843?format=json","purl":"pkg:pypi/django@5.0.7","type":"pypi","namespace":"","name":"django","version":"5.0.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.0.14","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36951?format=json","vulnerability_id":"VCID-2ft7-rbey-kuhx","summary":"An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/12/04/3","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2024/12/04/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44199?format=json","purl":"pkg:pypi/django@5.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/44198?format=json","purl":"pkg:pypi/django@5.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4"}],"aliases":["CVE-2024-53908","PYSEC-2024-157"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft7-rbey-kuhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36847?format=json","vulnerability_id":"VCID-e12b-tw2c-53c9","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42126?format=json","purl":"pkg:pypi/django@5.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8"}],"aliases":["CVE-2024-41991","PYSEC-2024-69"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e12b-tw2c-53c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36884?format=json","vulnerability_id":"VCID-hsjn-xnpp-5yeh","summary":"An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43562?format=json","purl":"pkg:pypi/django@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/43561?format=json","purl":"pkg:pypi/django@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1"}],"aliases":["CVE-2024-45230","PYSEC-2024-102"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsjn-xnpp-5yeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36849?format=json","vulnerability_id":"VCID-jgv9-vdbm-sycd","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42126?format=json","purl":"pkg:pypi/django@5.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8"}],"aliases":["CVE-2024-41989","PYSEC-2024-67"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgv9-vdbm-sycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36958?format=json","vulnerability_id":"VCID-pa7y-gpwp-6qgj","summary":"An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/01/14/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2025/01/14/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44333?format=json","purl":"pkg:pypi/django@5.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/44332?format=json","purl":"pkg:pypi/django@5.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5"}],"aliases":["CVE-2024-56374","PYSEC-2025-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37034?format=json","vulnerability_id":"VCID-qw15-2kq7-wqed","summary":"An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/apr/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2025/apr/02/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/04/02/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2025/04/02/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44735?format=json","purl":"pkg:pypi/django@5.0.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/44734?format=json","purl":"pkg:pypi/django@5.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8"}],"aliases":["CVE-2025-27556","PYSEC-2025-14"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qw15-2kq7-wqed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36984?format=json","vulnerability_id":"VCID-qy1a-x3ff-4bc8","summary":"An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html"},{"reference_url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/03/06/12","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2025/03/06/12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44602?format=json","purl":"pkg:pypi/django@5.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qw15-2kq7-wqed"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/44601?format=json","purl":"pkg:pypi/django@5.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7"}],"aliases":["CVE-2025-26699","PYSEC-2025-13"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36848?format=json","vulnerability_id":"VCID-rqqc-ta7c-ykgx","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42126?format=json","purl":"pkg:pypi/django@5.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8"}],"aliases":["CVE-2024-41990","PYSEC-2024-68"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqqc-ta7c-ykgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36950?format=json","vulnerability_id":"VCID-ud73-4t2c-n3at","summary":"An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/12/04/3","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2024/12/04/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44199?format=json","purl":"pkg:pypi/django@5.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/44198?format=json","purl":"pkg:pypi/django@5.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4"}],"aliases":["CVE-2024-53907","PYSEC-2024-156"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36850?format=json","vulnerability_id":"VCID-xcmd-18ck-gqae","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42126?format=json","purl":"pkg:pypi/django@5.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8"}],"aliases":["CVE-2024-42005","PYSEC-2024-70"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmd-18ck-gqae"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36828?format=json","vulnerability_id":"VCID-9gq3-whr8-s7b8","summary":"An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41844?format=json","purl":"pkg:pypi/django@4.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/41843?format=json","purl":"pkg:pypi/django@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-xcmd-18ck-gqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7"}],"aliases":["CVE-2024-38875","PYSEC-2024-56"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gq3-whr8-s7b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36827?format=json","vulnerability_id":"VCID-e8j6-mybr-17fh","summary":"An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41844?format=json","purl":"pkg:pypi/django@4.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/41843?format=json","purl":"pkg:pypi/django@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-xcmd-18ck-gqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7"}],"aliases":["CVE-2024-39330","PYSEC-2024-58"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8j6-mybr-17fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36826?format=json","vulnerability_id":"VCID-s1rj-1xbw-fbg5","summary":"An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41844?format=json","purl":"pkg:pypi/django@4.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/41843?format=json","purl":"pkg:pypi/django@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-xcmd-18ck-gqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7"}],"aliases":["CVE-2024-39614","PYSEC-2024-59"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1rj-1xbw-fbg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36829?format=json","vulnerability_id":"VCID-vgq9-s6th-yufg","summary":"An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41844?format=json","purl":"pkg:pypi/django@4.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-xcmd-18ck-gqae"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/41843?format=json","purl":"pkg:pypi/django@5.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-e12b-tw2c-53c9"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jgv9-vdbm-sycd"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-rqqc-ta7c-ykgx"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-xcmd-18ck-gqae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7"}],"aliases":["CVE-2024-39329","PYSEC-2024-57"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgq9-s6th-yufg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.7"}