{"url":"http://public2.vulnerablecode.io/api/packages/43562?format=json","purl":"pkg:pypi/django@5.0.9","type":"pypi","namespace":"","name":"django","version":"5.0.9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.0.14","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36951?format=json","vulnerability_id":"VCID-2ft7-rbey-kuhx","summary":"An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/12/04/3","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2024/12/04/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44199?format=json","purl":"pkg:pypi/django@5.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/44198?format=json","purl":"pkg:pypi/django@5.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4"}],"aliases":["CVE-2024-53908","PYSEC-2024-157"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft7-rbey-kuhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36958?format=json","vulnerability_id":"VCID-pa7y-gpwp-6qgj","summary":"An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2025/jan/14/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/01/14/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2025/01/14/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44333?format=json","purl":"pkg:pypi/django@5.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/44332?format=json","purl":"pkg:pypi/django@5.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.5"}],"aliases":["CVE-2024-56374","PYSEC-2025-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37034?format=json","vulnerability_id":"VCID-qw15-2kq7-wqed","summary":"An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2025/apr/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2025/apr/02/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/04/02/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2025/04/02/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44735?format=json","purl":"pkg:pypi/django@5.0.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/44734?format=json","purl":"pkg:pypi/django@5.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.8"}],"aliases":["CVE-2025-27556","PYSEC-2025-14"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qw15-2kq7-wqed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36984?format=json","vulnerability_id":"VCID-qy1a-x3ff-4bc8","summary":"An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html"},{"reference_url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2025/mar/06/security-releases/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/03/06/12","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2025/03/06/12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44602?format=json","purl":"pkg:pypi/django@5.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qw15-2kq7-wqed"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/44601?format=json","purl":"pkg:pypi/django@5.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.7"}],"aliases":["CVE-2025-26699","PYSEC-2025-13"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36950?format=json","vulnerability_id":"VCID-ud73-4t2c-n3at","summary":"An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/12/04/3","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2024/12/04/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44199?format=json","purl":"pkg:pypi/django@5.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/44198?format=json","purl":"pkg:pypi/django@5.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.4"}],"aliases":["CVE-2024-53907","PYSEC-2024-156"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36884?format=json","vulnerability_id":"VCID-hsjn-xnpp-5yeh","summary":"An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.","references":[{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://groups.google.com/forum/#%21forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2024/sep/03/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43563?format=json","purl":"pkg:pypi/django@4.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-4kcg-gx5y-cuaw"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-ga7z-wj4j-63h1"},{"vulnerability":"VCID-jybd-p65h-xffy"},{"vulnerability":"VCID-kxdd-yzp3-r7cb"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-phkp-9abp-f3dq"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-r1vx-vv7d-gqaj"},{"vulnerability":"VCID-shch-yusm-1uck"},{"vulnerability":"VCID-shjc-2j68-2yfy"},{"vulnerability":"VCID-tktt-vg92-6kae"},{"vulnerability":"VCID-tuqc-c251-h7ds"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-wa3g-27sx-mbcw"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/43562?format=json","purl":"pkg:pypi/django@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/43561?format=json","purl":"pkg:pypi/django@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ft7-rbey-kuhx"},{"vulnerability":"VCID-5xtt-au84-zbb2"},{"vulnerability":"VCID-7c5n-nzwk-v7bz"},{"vulnerability":"VCID-9kvc-1bdz-n3bd"},{"vulnerability":"VCID-bb8b-hq41-s7a6"},{"vulnerability":"VCID-fcg9-xypn-ykhf"},{"vulnerability":"VCID-ga69-9y5g-77c3"},{"vulnerability":"VCID-pa7y-gpwp-6qgj"},{"vulnerability":"VCID-qw15-2kq7-wqed"},{"vulnerability":"VCID-qy1a-x3ff-4bc8"},{"vulnerability":"VCID-ud73-4t2c-n3at"},{"vulnerability":"VCID-whgc-pt2s-77ar"},{"vulnerability":"VCID-ynt9-h6ww-h7e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1"}],"aliases":["CVE-2024-45230","PYSEC-2024-102"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsjn-xnpp-5yeh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9"}