Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/42455?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/42455?format=api", "purl": "pkg:pypi/django@5.0.9", "type": "pypi", "namespace": "", "name": "django", "version": "5.0.9", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.0.14", "latest_non_vulnerable_version": "6.0.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9286?format=api", "vulnerability_id": "VCID-1umb-2rxg-bbdk", "summary": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01038", "scoring_system": "epss", "scoring_elements": "0.77711", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53907" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43092?format=api", "purl": "pkg:pypi/django@5.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/43091?format=api", "purl": "pkg:pypi/django@5.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4" } ], "aliases": [ "CVE-2024-53907", "PYSEC-2024-156" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1umb-2rxg-bbdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9287?format=api", "vulnerability_id": "VCID-4vry-9jdm-nyg9", "summary": "An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00931", "scoring_system": "epss", "scoring_elements": "0.76454", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53908" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/12/04/3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2024/12/04/3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43092?format=api", "purl": "pkg:pypi/django@5.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/43091?format=api", "purl": "pkg:pypi/django@5.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4" } ], "aliases": [ "CVE-2024-53908", "PYSEC-2024-157" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vry-9jdm-nyg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9370?format=api", "vulnerability_id": "VCID-a3e2-se1v-2yb5", "summary": "An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01482", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27556" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/apr/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2025/apr/02/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/04/02/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2025/04/02/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43628?format=api", "purl": "pkg:pypi/django@5.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/43627?format=api", "purl": "pkg:pypi/django@5.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8" } ], "aliases": [ "CVE-2025-27556", "PYSEC-2025-14" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3e2-se1v-2yb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9294?format=api", "vulnerability_id": "VCID-chey-b3c1-pbe5", "summary": "An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24578", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56374" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2025/jan/14/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/01/14/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2025/01/14/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43226?format=api", "purl": "pkg:pypi/django@5.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/43225?format=api", "purl": "pkg:pypi/django@5.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5" } ], "aliases": [ "CVE-2024-56374", "PYSEC-2025-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chey-b3c1-pbe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9320?format=api", "vulnerability_id": "VCID-nyc2-p1rp-xkb4", "summary": "An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52366", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26699" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2025/mar/06/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/03/06/12", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2025/03/06/12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43495?format=api", "purl": "pkg:pypi/django@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3e2-se1v-2yb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/43494?format=api", "purl": "pkg:pypi/django@5.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7" } ], "aliases": [ "CVE-2025-26699", "PYSEC-2025-13" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyc2-p1rp-xkb4" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/264200?format=api", "vulnerability_id": "VCID-ax42-esfz-vud2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46478", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca" }, { "reference_url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2" }, { "reference_url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231", "reference_id": "CVE-2024-45231", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231" }, { "reference_url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv", "reference_id": "GHSA-rrqc-c2jx-6jgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42456?format=api", "purl": "pkg:pypi/django@4.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/42455?format=api", "purl": "pkg:pypi/django@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/42454?format=api", "purl": "pkg:pypi/django@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1" } ], "aliases": [ "CVE-2024-45231", "GHSA-rrqc-c2jx-6jgv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax42-esfz-vud2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9220?format=api", "vulnerability_id": "VCID-jt9m-kd3k-uqca", "summary": "An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.86191", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45230" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/022ab0a75c76ab2ea31dfcc5f2cf5501e378d397" }, { "reference_url": "https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/813de2672bd7361e9a453ab62cd6e52f96b6525b" }, { "reference_url": "https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-102.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45230", "reference_id": "CVE-2024-45230", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45230" }, { "reference_url": "https://github.com/advisories/GHSA-5hgc-2vfp-mqvc", "reference_id": "GHSA-5hgc-2vfp-mqvc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hgc-2vfp-mqvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42456?format=api", "purl": "pkg:pypi/django@4.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-32d1-b8f2-hud5" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-5fbx-3yfb-fudx" }, { "vulnerability": "VCID-62jv-ab6d-sqdb" }, { "vulnerability": "VCID-63c7-mkxw-ufav" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-92bp-6kte-tyfs" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-cbsj-1qqg-1ba6" }, { "vulnerability": "VCID-cg44-thdw-cygg" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-enen-3w2h-g3b8" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-heum-8mwz-sbcw" }, { "vulnerability": "VCID-j2uz-w2ur-7ud4" }, { "vulnerability": "VCID-jma1-9ags-xbfm" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/42455?format=api", "purl": "pkg:pypi/django@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/42454?format=api", "purl": "pkg:pypi/django@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1umb-2rxg-bbdk" }, { "vulnerability": "VCID-3d6k-rdsh-k7hm" }, { "vulnerability": "VCID-4vry-9jdm-nyg9" }, { "vulnerability": "VCID-7jbt-5zw2-vff2" }, { "vulnerability": "VCID-9udu-eqvn-mqbj" }, { "vulnerability": "VCID-a3e2-se1v-2yb5" }, { "vulnerability": "VCID-ax7m-uv4s-zkc1" }, { "vulnerability": "VCID-chey-b3c1-pbe5" }, { "vulnerability": "VCID-em3c-ceug-cubp" }, { "vulnerability": "VCID-fbee-vj2y-cfeb" }, { "vulnerability": "VCID-nyc2-p1rp-xkb4" }, { "vulnerability": "VCID-u15a-4ste-43cy" }, { "vulnerability": "VCID-vpgq-jhzc-j7h2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1" } ], "aliases": [ "CVE-2024-45230", "GHSA-5hgc-2vfp-mqvc", "PYSEC-2024-102" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jt9m-kd3k-uqca" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9" }