{"url":"http://public2.vulnerablecode.io/api/packages/42126?format=json","purl":"pkg:pypi/django@5.0.8","type":"pypi","namespace":"","name":"django","version":"5.0.8","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.0.14","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36951?format=json","vulnerability_id":"VCID-2ft7-rbey-kuhx","summary":"An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53908.json"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-157.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/dec/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/dec/04/security-releases"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/12/04/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2024/12/04/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329287","reference_id":"2329287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329287"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53908","reference_id":"CVE-2024-53908","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53908"},{"reference_url":"https://github.com/advisories/GHSA-m9g8-fxxm-xg86","reference_id":"GHSA-m9g8-fxxm-xg86","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m9g8-fxxm-xg86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11144","reference_id":"RHSA-2024:11144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11146","reference_id":"RHSA-2024:11146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0340","reference_id":"RHSA-2025:0340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0721","reference_id":"RHSA-2025:0721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0721"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44199?format=json","purl":"pkg:pypi/django@5.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/44198?format=json","purl":"pkg:pypi/django@5.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4"}],"aliases":["CVE-2024-53908","GHSA-m9g8-fxxm-xg86","PYSEC-2024-157"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft7-rbey-kuhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36884?format=json","vulnerability_id":"VCID-hsjn-xnpp-5yeh","summary":"An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45230.json"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397"},{"reference_url":"https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b"},{"reference_url":"https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314485","reference_id":"2314485","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314485"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45230","reference_id":"CVE-2024-45230","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45230"},{"reference_url":"https://github.com/advisories/GHSA-5hgc-2vfp-mqvc","reference_id":"GHSA-5hgc-2vfp-mqvc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5hgc-2vfp-mqvc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8534","reference_id":"RHSA-2024:8534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43562?format=json","purl":"pkg:pypi/django@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/43561?format=json","purl":"pkg:pypi/django@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1"}],"aliases":["CVE-2024-45230","GHSA-5hgc-2vfp-mqvc","PYSEC-2024-102"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsjn-xnpp-5yeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36958?format=json","vulnerability_id":"VCID-pa7y-gpwp-6qgj","summary":"An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe"},{"reference_url":"https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e"},{"reference_url":"https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf"},{"reference_url":"https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/01/14/2","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/01/14/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049","reference_id":"1093049","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337996","reference_id":"2337996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337996"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56374","reference_id":"CVE-2024-56374","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56374"},{"reference_url":"https://github.com/advisories/GHSA-qcgg-j2x8-h9g8","reference_id":"GHSA-qcgg-j2x8-h9g8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qcgg-j2x8-h9g8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0722","reference_id":"RHSA-2025:0722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0777","reference_id":"RHSA-2025:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0782","reference_id":"RHSA-2025:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2399","reference_id":"RHSA-2025:2399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4576","reference_id":"RHSA-2025:4576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44333?format=json","purl":"pkg:pypi/django@5.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/44332?format=json","purl":"pkg:pypi/django@5.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5"}],"aliases":["CVE-2024-56374","GHSA-qcgg-j2x8-h9g8","PYSEC-2025-1"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37034?format=json","vulnerability_id":"VCID-qw15-2kq7-wqed","summary":"An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27556.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27556.json"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2cb311f7b069723027fb5def4044d1816d7d2afd","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/2cb311f7b069723027fb5def4044d1816d7d2afd"},{"reference_url":"https://github.com/django/django/commit/39e2297210d9d2938c75fc911d45f0e863dc4821","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/39e2297210d9d2938c75fc911d45f0e863dc4821"},{"reference_url":"https://github.com/django/django/commit/8c6871b097b6c49d2a782c0d80d908bcbe2116f1","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/8c6871b097b6c49d2a782c0d80d908bcbe2116f1"},{"reference_url":"https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-14.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-14.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/apr/02/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/apr/02/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/apr/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2025/apr/02/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/04/02/2","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/04/02/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356899","reference_id":"2356899","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2356899"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27556","reference_id":"CVE-2025-27556","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27556"},{"reference_url":"https://github.com/advisories/GHSA-wqfg-m96j-85vm","reference_id":"GHSA-wqfg-m96j-85vm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wqfg-m96j-85vm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44735?format=json","purl":"pkg:pypi/django@5.0.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/44734?format=json","purl":"pkg:pypi/django@5.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8"}],"aliases":["CVE-2025-27556","GHSA-wqfg-m96j-85vm","PYSEC-2025-14"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qw15-2kq7-wqed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36984?format=json","vulnerability_id":"VCID-qy1a-x3ff-4bc8","summary":"An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html"},{"reference_url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/03/06/12","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/03/06/12"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682","reference_id":"1099682","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348993","reference_id":"2348993","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348993"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-26699","reference_id":"CVE-2025-26699","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-26699"},{"reference_url":"https://github.com/advisories/GHSA-p3fp-8748-vqfq","reference_id":"GHSA-p3fp-8748-vqfq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p3fp-8748-vqfq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3160","reference_id":"RHSA-2025:3160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3162","reference_id":"RHSA-2025:3162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3709","reference_id":"RHSA-2025:3709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4553","reference_id":"RHSA-2025:4553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8609","reference_id":"RHSA-2025:8609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8609"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44602?format=json","purl":"pkg:pypi/django@5.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qw15-2kq7-wqed"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/44601?format=json","purl":"pkg:pypi/django@5.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7"}],"aliases":["CVE-2025-26699","GHSA-p3fp-8748-vqfq","PYSEC-2025-13"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36950?format=json","vulnerability_id":"VCID-ud73-4t2c-n3at","summary":"An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html"},{"reference_url":"https://www.djangoproject.com/weblog/2024/dec/04/security-releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/dec/04/security-releases"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/12/04/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2024/12/04/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329288","reference_id":"2329288","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329288"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53907","reference_id":"CVE-2024-53907","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53907"},{"reference_url":"https://github.com/advisories/GHSA-8498-2h75-472j","reference_id":"GHSA-8498-2h75-472j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8498-2h75-472j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11144","reference_id":"RHSA-2024:11144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11146","reference_id":"RHSA-2024:11146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0340","reference_id":"RHSA-2025:0340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0777","reference_id":"RHSA-2025:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0777"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44199?format=json","purl":"pkg:pypi/django@5.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/44198?format=json","purl":"pkg:pypi/django@5.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4"}],"aliases":["CVE-2024-53907","GHSA-8498-2h75-472j","PYSEC-2024-156"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36847?format=json","vulnerability_id":"VCID-e12b-tw2c-53c9","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927"},{"reference_url":"https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240905-0007","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240905-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074","reference_id":"1078074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302435","reference_id":"2302435","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302435"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41991","reference_id":"CVE-2024-41991","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41991"},{"reference_url":"https://github.com/advisories/GHSA-r836-hh6v-rg5g","reference_id":"GHSA-r836-hh6v-rg5g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r836-hh6v-rg5g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7987","reference_id":"RHSA-2024:7987","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42127?format=json","purl":"pkg:pypi/django@4.2.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15"},{"url":"http://public2.vulnerablecode.io/api/packages/42126?format=json","purl":"pkg:pypi/django@5.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8"}],"aliases":["CVE-2024-41991","GHSA-r836-hh6v-rg5g","PYSEC-2024-69"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e12b-tw2c-53c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36849?format=json","vulnerability_id":"VCID-jgv9-vdbm-sycd","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8"},{"reference_url":"https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240905-0007","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240905-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074","reference_id":"1078074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302433","reference_id":"2302433","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302433"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41989","reference_id":"CVE-2024-41989","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41989"},{"reference_url":"https://github.com/advisories/GHSA-jh75-99hh-qvx9","reference_id":"GHSA-jh75-99hh-qvx9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jh75-99hh-qvx9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8534","reference_id":"RHSA-2024:8534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42127?format=json","purl":"pkg:pypi/django@4.2.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15"},{"url":"http://public2.vulnerablecode.io/api/packages/42126?format=json","purl":"pkg:pypi/django@5.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8"}],"aliases":["CVE-2024-41989","GHSA-jh75-99hh-qvx9","PYSEC-2024-67"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgv9-vdbm-sycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36848?format=json","vulnerability_id":"VCID-rqqc-ta7c-ykgx","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41990.json"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/7b7b909579c8311c140c89b8a9431bf537febf93"},{"reference_url":"https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-68.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240905-0007","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240905-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074","reference_id":"1078074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302434","reference_id":"2302434","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302434"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41990","reference_id":"CVE-2024-41990","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41990"},{"reference_url":"https://github.com/advisories/GHSA-795c-9xpc-xw6g","reference_id":"GHSA-795c-9xpc-xw6g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-795c-9xpc-xw6g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42127?format=json","purl":"pkg:pypi/django@4.2.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15"},{"url":"http://public2.vulnerablecode.io/api/packages/42126?format=json","purl":"pkg:pypi/django@5.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8"}],"aliases":["CVE-2024-41990","GHSA-795c-9xpc-xw6g","PYSEC-2024-68"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqqc-ta7c-ykgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36850?format=json","vulnerability_id":"VCID-xcmd-18ck-gqae","summary":"An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d"},{"reference_url":"https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240905-0007","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240905-0007"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074","reference_id":"1078074","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302436","reference_id":"2302436","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302436"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42005","reference_id":"CVE-2024-42005","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42005"},{"reference_url":"https://github.com/advisories/GHSA-pv4p-cwwg-4rph","reference_id":"GHSA-pv4p-cwwg-4rph","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pv4p-cwwg-4rph"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6428","reference_id":"RHSA-2024:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1335","reference_id":"RHSA-2025:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42127?format=json","purl":"pkg:pypi/django@4.2.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.15"},{"url":"http://public2.vulnerablecode.io/api/packages/42126?format=json","purl":"pkg:pypi/django@5.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-hsjn-xnpp-5yeh"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8"}],"aliases":["CVE-2024-42005","GHSA-pv4p-cwwg-4rph","PYSEC-2024-70"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmd-18ck-gqae"}],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.8"}