Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-django@1:1.11.29-1~deb10u1
Typedeb
Namespacedebian
Namepython-django
Version1:1.11.29-1~deb10u1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3:3.2.25-0+deb12u3
Latest_non_vulnerable_version3:5.2.15-1
Affected_by_vulnerabilities
0
url VCID-29qk-rv5n-efbm
vulnerability_id VCID-29qk-rv5n-efbm
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36359
reference_id
reference_type
scores
0
value 0.0113
scoring_system epss
scoring_elements 0.78693
published_at 2026-06-06T12:55:00Z
1
value 0.0113
scoring_system epss
scoring_elements 0.78658
published_at 2026-06-04T12:55:00Z
2
value 0.0113
scoring_system epss
scoring_elements 0.78689
published_at 2026-06-09T12:55:00Z
3
value 0.0113
scoring_system epss
scoring_elements 0.78671
published_at 2026-06-08T12:55:00Z
4
value 0.0113
scoring_system epss
scoring_elements 0.78685
published_at 2026-06-05T12:55:00Z
5
value 0.0113
scoring_system epss
scoring_elements 0.78683
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36359
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
8
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.0/releases/security
9
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-8x94-hmjh-97hq
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8x94-hmjh-97hq
12
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
13
reference_url https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80
14
reference_url https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3
15
reference_url https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173
16
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml
17
reference_url https://groups.google.com/g/django-announce/c/8cz--gvaJr4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/django-announce/c/8cz--gvaJr4
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36359
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36359
21
reference_url https://security.netapp.com/advisory/ntap-20220915-0008
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220915-0008
22
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5254
23
reference_url https://www.djangoproject.com/weblog/2022/aug/03/security-releases
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2022/aug/03/security-releases
24
reference_url https://www.djangoproject.com/weblog/2022/aug/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/aug/03/security-releases/
25
reference_url http://www.openwall.com/lists/oss-security/2022/08/03/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/08/03/1
26
reference_url https://security.archlinux.org/AVG-2810
reference_id AVG-2810
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2810
27
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
28
reference_url https://usn.ubuntu.com/5549-1/
reference_id USN-5549-1
reference_type
scores
url https://usn.ubuntu.com/5549-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2022-36359, CVE-2022-36359, GHSA-8x94-hmjh-97hq, PYSEC-2022-245
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29qk-rv5n-efbm
1
url VCID-2n2n-1fq2-7bbs
vulnerability_id VCID-2n2n-1fq2-7bbs
summary sql injection
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34265.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34265.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34265
reference_id
reference_type
scores
0
value 0.92834
scoring_system epss
scoring_elements 0.99774
published_at 2026-06-09T12:55:00Z
1
value 0.92834
scoring_system epss
scoring_elements 0.99772
published_at 2026-06-04T12:55:00Z
2
value 0.92834
scoring_system epss
scoring_elements 0.99773
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34265
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
9
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.0/releases/security
10
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/advisories/GHSA-p64x-8rxx-wf6q
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p64x-8rxx-wf6q
13
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
14
reference_url https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492
15
reference_url https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db
16
reference_url https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9
17
reference_url https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e
18
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml
19
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34265
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34265
23
reference_url https://security.netapp.com/advisory/ntap-20220818-0006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220818-0006
24
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5254
25
reference_url https://www.djangoproject.com/weblog/2022/jul/04/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2022/jul/04/security-releases
26
reference_url https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014541
reference_id 1014541
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014541
28
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2102896
reference_id 2102896
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2102896
29
reference_url https://security.archlinux.org/AVG-2788
reference_id AVG-2788
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2788
30
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
31
reference_url https://access.redhat.com/errata/RHSA-2022:5738
reference_id RHSA-2022:5738
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5738
32
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
33
reference_url https://usn.ubuntu.com/5501-1/
reference_id USN-5501-1
reference_type
scores
url https://usn.ubuntu.com/5501-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2022-34265, CVE-2022-34265, GHSA-p64x-8rxx-wf6q, PYSEC-2022-213
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2n-1fq2-7bbs
2
url VCID-4cp2-k4mn-8ffj
vulnerability_id VCID-4cp2-k4mn-8ffj
summary An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13596.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13596.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13596
reference_id
reference_type
scores
0
value 0.00571
scoring_system epss
scoring_elements 0.69047
published_at 2026-06-09T12:55:00Z
1
value 0.00571
scoring_system epss
scoring_elements 0.69027
published_at 2026-06-08T12:55:00Z
2
value 0.00571
scoring_system epss
scoring_elements 0.69042
published_at 2026-06-07T12:55:00Z
3
value 0.00571
scoring_system epss
scoring_elements 0.69
published_at 2026-06-04T12:55:00Z
4
value 0.00571
scoring_system epss
scoring_elements 0.69039
published_at 2026-06-05T12:55:00Z
5
value 0.00571
scoring_system epss
scoring_elements 0.69049
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13596
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596
4
reference_url https://docs.djangoproject.com/en/3.0/releases/security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/releases/security
5
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-2m34-jcjv-45xf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2m34-jcjv-45xf
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38
10
reference_url https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-32.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-32.yaml
12
reference_url https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
15
reference_url https://security.netapp.com/advisory/ntap-20200611-0002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200611-0002
16
reference_url https://security.netapp.com/advisory/ntap-20200611-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200611-0002/
17
reference_url https://usn.ubuntu.com/4381-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4381-1
18
reference_url https://usn.ubuntu.com/4381-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-1/
19
reference_url https://usn.ubuntu.com/4381-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4381-2
20
reference_url https://usn.ubuntu.com/4381-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-2/
21
reference_url https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4705
22
reference_url https://www.djangoproject.com/weblog/2020/jun/03/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/jun/03/security-releases
23
reference_url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
24
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843625
reference_id 1843625
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843625
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323
reference_id 962323
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323
27
reference_url https://security.archlinux.org/ASA-202006-8
reference_id ASA-202006-8
reference_type
scores
url https://security.archlinux.org/ASA-202006-8
28
reference_url https://security.archlinux.org/AVG-1176
reference_id AVG-1176
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1176
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13596
reference_id CVE-2020-13596
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13596
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2020-13596, CVE-2020-13596, GHSA-2m34-jcjv-45xf, PYSEC-2020-32
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cp2-k4mn-8ffj
3
url VCID-4kcg-gx5y-cuaw
vulnerability_id VCID-4kcg-gx5y-cuaw
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1207
reference_id
reference_type
scores
0
value 0.06568
scoring_system epss
scoring_elements 0.91332
published_at 2026-06-09T12:55:00Z
1
value 0.06568
scoring_system epss
scoring_elements 0.91322
published_at 2026-06-07T12:55:00Z
2
value 0.06568
scoring_system epss
scoring_elements 0.91324
published_at 2026-06-05T12:55:00Z
3
value 0.06568
scoring_system epss
scoring_elements 0.91317
published_at 2026-06-08T12:55:00Z
4
value 0.06568
scoring_system epss
scoring_elements 0.91326
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1207
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-44.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-44.yaml
9
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/
url https://groups.google.com/g/django-announce
10
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
11
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436338
reference_id 2436338
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436338
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
reference_id CVE-2026-1207
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1207
15
reference_url https://github.com/advisories/GHSA-mwm9-4648-f68q
reference_id GHSA-mwm9-4648-f68q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwm9-4648-f68q
16
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
17
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
18
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
19
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
20
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
21
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
22
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
23
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2026-1207, CVE-2026-1207, GHSA-mwm9-4648-f68q, PYSEC-2026-44
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kcg-gx5y-cuaw
4
url VCID-4tyd-97z5-z3ar
vulnerability_id VCID-4tyd-97z5-z3ar
summary 
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45231
reference_id
reference_type
scores
0
value 0.00235
scoring_system epss
scoring_elements 0.46517
published_at 2026-06-09T12:55:00Z
1
value 0.00235
scoring_system epss
scoring_elements 0.46505
published_at 2026-06-08T12:55:00Z
2
value 0.00235
scoring_system epss
scoring_elements 0.46531
published_at 2026-06-07T12:55:00Z
3
value 0.00235
scoring_system epss
scoring_elements 0.46552
published_at 2026-06-06T12:55:00Z
4
value 0.00235
scoring_system epss
scoring_elements 0.46551
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45231
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca
29
reference_url https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2
30
reference_url https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
31
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/
url https://groups.google.com/forum/#%21forum/django-announce
32
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2314496
reference_id 2314496
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2314496
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45231
reference_id CVE-2024-45231
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45231
35
reference_url https://github.com/advisories/GHSA-rrqc-c2jx-6jgv
reference_id GHSA-rrqc-c2jx-6jgv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrqc-c2jx-6jgv
36
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
37
reference_url https://usn.ubuntu.com/6987-1/
reference_id USN-6987-1
reference_type
scores
url https://usn.ubuntu.com/6987-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tyd-97z5-z3ar
5
url VCID-4z4e-8ttu-tyd6
vulnerability_id VCID-4z4e-8ttu-tyd6
summary An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24580.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24580.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24580
reference_id
reference_type
scores
0
value 0.19669
scoring_system epss
scoring_elements 0.95542
published_at 2026-06-04T12:55:00Z
1
value 0.19669
scoring_system epss
scoring_elements 0.95559
published_at 2026-06-09T12:55:00Z
2
value 0.19669
scoring_system epss
scoring_elements 0.95553
published_at 2026-06-06T12:55:00Z
3
value 0.19669
scoring_system epss
scoring_elements 0.95556
published_at 2026-06-08T12:55:00Z
4
value 0.19669
scoring_system epss
scoring_elements 0.95555
published_at 2026-06-07T12:55:00Z
5
value 0.19669
scoring_system epss
scoring_elements 0.95549
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24580
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24580
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24580
3
reference_url https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.1/releases/security
4
reference_url https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url https://docs.djangoproject.com/en/4.1/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
8
reference_url https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
9
reference_url https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-13.yaml
11
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url https://groups.google.com/forum/#%21forum/django-announce
12
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
13
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
24
reference_url https://security.netapp.com/advisory/ntap-20230316-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230316-0006
25
reference_url https://www.djangoproject.com/weblog/2023/feb/14/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/feb/14/security-releases
26
reference_url https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
27
reference_url http://www.openwall.com/lists/oss-security/2023/02/14/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url http://www.openwall.com/lists/oss-security/2023/02/14/1
28
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031290
reference_id 1031290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031290
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2169402
reference_id 2169402
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2169402
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24580
reference_id CVE-2023-24580
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24580
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/
reference_id FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/
32
reference_url https://github.com/advisories/GHSA-2hrw-hx67-34x6
reference_id GHSA-2hrw-hx67-34x6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hrw-hx67-34x6
33
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
reference_id HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
reference_id LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
36
reference_url https://security.netapp.com/advisory/ntap-20230316-0006/
reference_id ntap-20230316-0006
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url https://security.netapp.com/advisory/ntap-20230316-0006/
37
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
38
reference_url https://access.redhat.com/errata/RHSA-2023:2101
reference_id RHSA-2023:2101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2101
39
reference_url https://access.redhat.com/errata/RHSA-2023:4692
reference_id RHSA-2023:4692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4692
40
reference_url https://usn.ubuntu.com/5868-1/
reference_id USN-5868-1
reference_type
scores
url https://usn.ubuntu.com/5868-1/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/
reference_id VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/
42
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/
reference_id YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:24:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2023-24580, CVE-2023-24580, GHSA-2hrw-hx67-34x6, PYSEC-2023-13
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4z4e-8ttu-tyd6
6
url VCID-51tx-4tp9-kbcz
vulnerability_id VCID-51tx-4tp9-kbcz
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23833.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23833.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23833
reference_id
reference_type
scores
0
value 0.01058
scoring_system epss
scoring_elements 0.7796
published_at 2026-06-04T12:55:00Z
1
value 0.01058
scoring_system epss
scoring_elements 0.77987
published_at 2026-06-05T12:55:00Z
2
value 0.01058
scoring_system epss
scoring_elements 0.77984
published_at 2026-06-07T12:55:00Z
3
value 0.01058
scoring_system epss
scoring_elements 0.77994
published_at 2026-06-06T12:55:00Z
4
value 0.01058
scoring_system epss
scoring_elements 0.77991
published_at 2026-06-09T12:55:00Z
5
value 0.01058
scoring_system epss
scoring_elements 0.77973
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23833
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
9
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.0/releases/security
10
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/advisories/GHSA-6cw3-g6wv-c2xv
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6cw3-g6wv-c2xv
13
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
14
reference_url https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
15
reference_url https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
16
reference_url https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
17
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml
18
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
20
reference_url https://security.netapp.com/advisory/ntap-20220221-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220221-0003
21
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5254
22
reference_url https://www.djangoproject.com/weblog/2022/feb/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2022/feb/01/security-releases
23
reference_url https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752
reference_id 1004752
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2048778
reference_id 2048778
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2048778
26
reference_url https://security.archlinux.org/AVG-2808
reference_id AVG-2808
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2808
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23833
reference_id CVE-2022-23833
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23833
28
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
29
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
30
reference_url https://access.redhat.com/errata/RHSA-2022:8853
reference_id RHSA-2022:8853
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8853
31
reference_url https://access.redhat.com/errata/RHSA-2022:8872
reference_id RHSA-2022:8872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8872
32
reference_url https://usn.ubuntu.com/5269-1/
reference_id USN-5269-1
reference_type
scores
url https://usn.ubuntu.com/5269-1/
33
reference_url https://usn.ubuntu.com/5269-2/
reference_id USN-5269-2
reference_type
scores
url https://usn.ubuntu.com/5269-2/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2022-23833, CVE-2022-23833, GHSA-6cw3-g6wv-c2xv, PYSEC-2022-20
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-51tx-4tp9-kbcz
7
url VCID-5q58-pzt4-8uey
vulnerability_id VCID-5q58-pzt4-8uey
summary Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7471
reference_id
reference_type
scores
0
value 0.1537
scoring_system epss
scoring_elements 0.94772
published_at 2026-06-05T12:55:00Z
1
value 0.1537
scoring_system epss
scoring_elements 0.9478
published_at 2026-06-09T12:55:00Z
2
value 0.1537
scoring_system epss
scoring_elements 0.94775
published_at 2026-06-08T12:55:00Z
3
value 0.1537
scoring_system epss
scoring_elements 0.94774
published_at 2026-06-06T12:55:00Z
4
value 0.1537
scoring_system epss
scoring_elements 0.94763
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7471
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471
3
reference_url https://docs.djangoproject.com/en/3.0/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/releases/security
4
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-hmr4-m2h5-33qx
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hmr4-m2h5-33qx
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
9
reference_url https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b
10
reference_url https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147
11
reference_url https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml
13
reference_url https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
16
reference_url https://seclists.org/bugtraq/2020/Feb/30
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2020/Feb/30
17
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
18
reference_url https://security.netapp.com/advisory/ntap-20200221-0006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200221-0006
19
reference_url https://security.netapp.com/advisory/ntap-20200221-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200221-0006/
20
reference_url https://usn.ubuntu.com/4264-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4264-1
21
reference_url https://usn.ubuntu.com/4264-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4264-1/
22
reference_url https://www.debian.org/security/2020/dsa-4629
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4629
23
reference_url https://www.djangoproject.com/weblog/2020/feb/03/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/feb/03/security-releases
24
reference_url https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
25
reference_url https://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/02/03/1
26
reference_url http://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/02/03/1
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1798515
reference_id 1798515
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1798515
28
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581
reference_id 950581
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581
29
reference_url https://security.archlinux.org/ASA-202002-1
reference_id ASA-202002-1
reference_type
scores
url https://security.archlinux.org/ASA-202002-1
30
reference_url https://security.archlinux.org/AVG-1091
reference_id AVG-1091
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1091
31
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7471
reference_id CVE-2020-7471
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7471
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5q58-pzt4-8uey
8
url VCID-5xtt-au84-zbb2
vulnerability_id VCID-5xtt-au84-zbb2
summary An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59681
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02692
published_at 2026-06-05T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03371
published_at 2026-06-08T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03372
published_at 2026-06-09T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03406
published_at 2026-06-06T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03392
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59681
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
30
reference_url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-106.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-106.yaml
32
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/
url https://groups.google.com/g/django-announce
33
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
34
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
35
reference_url http://www.openwall.com/lists/oss-security/2025/10/01/3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/10/01/3
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
reference_id 1116979
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2400449
reference_id 2400449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2400449
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
reference_id CVE-2025-59681
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
39
reference_url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
reference_id GHSA-hpr9-3m2g-3j9p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
40
reference_url https://access.redhat.com/errata/RHSA-2025:18984
reference_id RHSA-2025:18984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18984
41
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
42
reference_url https://usn.ubuntu.com/7794-1/
reference_id USN-7794-1
reference_type
scores
url https://usn.ubuntu.com/7794-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-59681, CVE-2025-59681, GHSA-hpr9-3m2g-3j9p, PYSEC-2025-106
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xtt-au84-zbb2
9
url VCID-6jpg-yrf8-cufy
vulnerability_id VCID-6jpg-yrf8-cufy
summary An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45115.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45115.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-45115
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.61943
published_at 2026-06-04T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.61991
published_at 2026-06-05T12:55:00Z
2
value 0.00414
scoring_system epss
scoring_elements 0.61972
published_at 2026-06-08T12:55:00Z
3
value 0.00414
scoring_system epss
scoring_elements 0.61988
published_at 2026-06-09T12:55:00Z
4
value 0.00414
scoring_system epss
scoring_elements 0.61999
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-45115
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45115
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45115
3
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.0/releases/security
4
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-53qw-q765-4fww
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-53qw-q765-4fww
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277
9
reference_url https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20
10
reference_url https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml
12
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
14
reference_url https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220121-0005
15
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
16
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113
reference_id 1003113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2037024
reference_id 2037024
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2037024
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45115
reference_id CVE-2021-45115
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-45115
20
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
21
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
22
reference_url https://usn.ubuntu.com/5204-1/
reference_id USN-5204-1
reference_type
scores
url https://usn.ubuntu.com/5204-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2021-45115, CVE-2021-45115, GHSA-53qw-q765-4fww, PYSEC-2022-1
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jpg-yrf8-cufy
10
url VCID-9end-mq19-rke5
vulnerability_id VCID-9end-mq19-rke5
summary Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45452.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45452.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-45452
reference_id
reference_type
scores
0
value 0.00238
scoring_system epss
scoring_elements 0.47049
published_at 2026-06-04T12:55:00Z
1
value 0.00238
scoring_system epss
scoring_elements 0.47116
published_at 2026-06-06T12:55:00Z
2
value 0.00238
scoring_system epss
scoring_elements 0.47113
published_at 2026-06-05T12:55:00Z
3
value 0.00238
scoring_system epss
scoring_elements 0.47079
published_at 2026-06-09T12:55:00Z
4
value 0.00238
scoring_system epss
scoring_elements 0.47069
published_at 2026-06-08T12:55:00Z
5
value 0.00238
scoring_system epss
scoring_elements 0.47098
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-45452
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45452
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45452
3
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.0/releases/security
4
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-jrh2-hc4r-7jwx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jrh2-hc4r-7jwx
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1
9
reference_url https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b
10
reference_url https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml
12
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
14
reference_url https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220121-0005
15
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
16
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113
reference_id 1003113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2037028
reference_id 2037028
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2037028
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45452
reference_id CVE-2021-45452
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-45452
20
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
21
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
22
reference_url https://usn.ubuntu.com/5204-1/
reference_id USN-5204-1
reference_type
scores
url https://usn.ubuntu.com/5204-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2021-45452, CVE-2021-45452, GHSA-jrh2-hc4r-7jwx, PYSEC-2022-3
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9end-mq19-rke5
11
url VCID-9kvc-1bdz-n3bd
vulnerability_id VCID-9kvc-1bdz-n3bd
summary denial of service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32873
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.4048
published_at 2026-06-05T12:55:00Z
1
value 0.00188
scoring_system epss
scoring_elements 0.40441
published_at 2026-06-09T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.40426
published_at 2026-06-08T12:55:00Z
3
value 0.00188
scoring_system epss
scoring_elements 0.40455
published_at 2026-06-07T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.40483
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32873
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0
30
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml
31
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/
url https://groups.google.com/g/django-announce
32
reference_url https://www.djangoproject.com/weblog/2025/may/07/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/may/07/security-releases
33
reference_url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/
url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
34
reference_url http://www.openwall.com/lists/oss-security/2025/05/07/1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/05/07/1
35
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872
reference_id 1104872
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364980
reference_id 2364980
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364980
37
reference_url https://security.archlinux.org/ASA-202505-10
reference_id ASA-202505-10
reference_type
scores
url https://security.archlinux.org/ASA-202505-10
38
reference_url https://security.archlinux.org/AVG-2876
reference_id AVG-2876
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2876
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32873
reference_id CVE-2025-32873
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32873
40
reference_url https://github.com/advisories/GHSA-8j24-cjrq-gr2m
reference_id GHSA-8j24-cjrq-gr2m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8j24-cjrq-gr2m
41
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
42
reference_url https://usn.ubuntu.com/7501-1/
reference_id USN-7501-1
reference_type
scores
url https://usn.ubuntu.com/7501-1/
43
reference_url https://usn.ubuntu.com/7501-2/
reference_id USN-7501-2
reference_type
scores
url https://usn.ubuntu.com/7501-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-32873, CVE-2025-32873, GHSA-8j24-cjrq-gr2m, PYSEC-2025-37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvc-1bdz-n3bd
12
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33203
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34186
published_at 2026-06-09T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.3424
published_at 2026-06-06T12:55:00Z
2
value 0.00143
scoring_system epss
scoring_elements 0.34125
published_at 2026-06-04T12:55:00Z
3
value 0.00143
scoring_system epss
scoring_elements 0.34207
published_at 2026-06-07T12:55:00Z
4
value 0.00143
scoring_system epss
scoring_elements 0.34225
published_at 2026-06-05T12:55:00Z
5
value 0.00143
scoring_system epss
scoring_elements 0.34166
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33203
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203
3
reference_url https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.2/releases/security
4
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90
9
reference_url https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f
10
reference_url https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml
12
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
14
reference_url https://security.netapp.com/advisory/ntap-20210727-0004
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210727-0004
15
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases
16
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966251
reference_id 1966251
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966251
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394
reference_id 989394
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394
19
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
20
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33203
reference_id CVE-2021-33203
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33203
22
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
23
reference_url https://access.redhat.com/errata/RHSA-2021:3490
reference_id RHSA-2021:3490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3490
24
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
25
reference_url https://access.redhat.com/errata/RHSA-2021:5070
reference_id RHSA-2021:5070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5070
26
reference_url https://usn.ubuntu.com/4975-1/
reference_id USN-4975-1
reference_type
scores
url https://usn.ubuntu.com/4975-1/
27
reference_url https://usn.ubuntu.com/4975-2/
reference_id USN-4975-2
reference_type
scores
url https://usn.ubuntu.com/4975-2/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
13
url VCID-attf-6gj8-ebaj
vulnerability_id VCID-attf-6gj8-ebaj
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22818.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22818.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22818
reference_id
reference_type
scores
0
value 0.00554
scoring_system epss
scoring_elements 0.68476
published_at 2026-06-07T12:55:00Z
1
value 0.00554
scoring_system epss
scoring_elements 0.68482
published_at 2026-06-06T12:55:00Z
2
value 0.00554
scoring_system epss
scoring_elements 0.68478
published_at 2026-06-09T12:55:00Z
3
value 0.00554
scoring_system epss
scoring_elements 0.68433
published_at 2026-06-04T12:55:00Z
4
value 0.00554
scoring_system epss
scoring_elements 0.68474
published_at 2026-06-05T12:55:00Z
5
value 0.00554
scoring_system epss
scoring_elements 0.68459
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22818
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
9
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.0/releases/security
10
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/advisories/GHSA-95rw-fx8r-36v6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-95rw-fx8r-36v6
13
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
14
reference_url https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5
15
reference_url https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2
16
reference_url https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6
17
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml
18
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
20
reference_url https://security.netapp.com/advisory/ntap-20220221-0003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220221-0003
21
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5254
22
reference_url https://www.djangoproject.com/weblog/2022/feb/01/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2022/feb/01/security-releases
23
reference_url https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752
reference_id 1004752
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2048775
reference_id 2048775
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2048775
26
reference_url https://security.archlinux.org/AVG-2808
reference_id AVG-2808
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2808
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22818
reference_id CVE-2022-22818
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22818
28
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
29
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
30
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
31
reference_url https://access.redhat.com/errata/RHSA-2022:8853
reference_id RHSA-2022:8853
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8853
32
reference_url https://access.redhat.com/errata/RHSA-2022:8872
reference_id RHSA-2022:8872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8872
33
reference_url https://usn.ubuntu.com/5269-1/
reference_id USN-5269-1
reference_type
scores
url https://usn.ubuntu.com/5269-1/
34
reference_url https://usn.ubuntu.com/5269-2/
reference_id USN-5269-2
reference_type
scores
url https://usn.ubuntu.com/5269-2/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2022-22818, CVE-2022-22818, GHSA-95rw-fx8r-36v6, PYSEC-2022-19
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-attf-6gj8-ebaj
14
url VCID-au8h-vj9k-pufv
vulnerability_id VCID-au8h-vj9k-pufv
summary In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23969.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23969.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23969
reference_id
reference_type
scores
0
value 0.05085
scoring_system epss
scoring_elements 0.89972
published_at 2026-06-04T12:55:00Z
1
value 0.05085
scoring_system epss
scoring_elements 0.89988
published_at 2026-06-06T12:55:00Z
2
value 0.05085
scoring_system epss
scoring_elements 0.89998
published_at 2026-06-09T12:55:00Z
3
value 0.05085
scoring_system epss
scoring_elements 0.89985
published_at 2026-06-07T12:55:00Z
4
value 0.05085
scoring_system epss
scoring_elements 0.89983
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23969
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23969
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23969
3
reference_url https://docs.djangoproject.com/en/4.1/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.1/releases/security
4
reference_url https://docs.djangoproject.com/en/4.1/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/
url https://docs.djangoproject.com/en/4.1/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4452642f193533e288a52c02efb5bbc766a68f95
8
reference_url https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9d7bd5a56b1ce0576e8e07a8001373576d277942
9
reference_url https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-12.yaml
11
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
12
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
15
reference_url https://security.netapp.com/advisory/ntap-20230302-0007
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230302-0007
16
reference_url https://www.djangoproject.com/weblog/2023/feb/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/feb/01/security-releases
17
reference_url https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/
url https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030251
reference_id 1030251
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030251
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2166457
reference_id 2166457
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2166457
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23969
reference_id CVE-2023-23969
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23969
21
reference_url https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
reference_id GHSA-q2jf-h9jm-m7p4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2jf-h9jm-m7p4
22
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
reference_id HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
reference_id LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
25
reference_url https://security.netapp.com/advisory/ntap-20230302-0007/
reference_id ntap-20230302-0007
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:17:12Z/
url https://security.netapp.com/advisory/ntap-20230302-0007/
26
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
27
reference_url https://access.redhat.com/errata/RHSA-2023:2101
reference_id RHSA-2023:2101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2101
28
reference_url https://usn.ubuntu.com/5837-1/
reference_id USN-5837-1
reference_type
scores
url https://usn.ubuntu.com/5837-1/
29
reference_url https://usn.ubuntu.com/5837-2/
reference_id USN-5837-2
reference_type
scores
url https://usn.ubuntu.com/5837-2/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2023-23969, CVE-2023-23969, GHSA-q2jf-h9jm-m7p4, PYSEC-2023-12
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-au8h-vj9k-pufv
15
url VCID-bb8b-hq41-s7a6
vulnerability_id VCID-bb8b-hq41-s7a6
summary An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48432
reference_id
reference_type
scores
0
value 0.00411
scoring_system epss
scoring_elements 0.61802
published_at 2026-06-09T12:55:00Z
1
value 0.00411
scoring_system epss
scoring_elements 0.61803
published_at 2026-06-05T12:55:00Z
2
value 0.00411
scoring_system epss
scoring_elements 0.61812
published_at 2026-06-06T12:55:00Z
3
value 0.00411
scoring_system epss
scoring_elements 0.618
published_at 2026-06-07T12:55:00Z
4
value 0.00411
scoring_system epss
scoring_elements 0.61785
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48432
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://groups.google.com/g/django-announce
31
reference_url https://www.djangoproject.com/weblog/2025/jun/04/security-releases
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/jun/04/security-releases
32
reference_url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
33
reference_url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases
34
reference_url http://www.openwall.com/lists/oss-security/2025/06/04/5
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/04/5
35
reference_url http://www.openwall.com/lists/oss-security/2025/06/10/2
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/10/2
36
reference_url http://www.openwall.com/lists/oss-security/2025/06/10/3
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/10/3
37
reference_url http://www.openwall.com/lists/oss-security/2025/06/10/4
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/10/4
38
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282
reference_id 1107282
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282
39
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370365
reference_id 2370365
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370365
40
reference_url https://security.archlinux.org/ASA-202506-6
reference_id ASA-202506-6
reference_type
scores
url https://security.archlinux.org/ASA-202506-6
41
reference_url https://security.archlinux.org/AVG-2894
reference_id AVG-2894
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2894
42
reference_url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/
reference_id bugfix-releases
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/
43
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48432
reference_id CVE-2025-48432
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48432
44
reference_url https://github.com/advisories/GHSA-7xr5-9hcq-chf9
reference_id GHSA-7xr5-9hcq-chf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xr5-9hcq-chf9
45
reference_url https://access.redhat.com/errata/RHSA-2025:14686
reference_id RHSA-2025:14686
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14686
46
reference_url https://access.redhat.com/errata/RHSA-2025:16487
reference_id RHSA-2025:16487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16487
47
reference_url https://usn.ubuntu.com/7555-1/
reference_id USN-7555-1
reference_type
scores
url https://usn.ubuntu.com/7555-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb8b-hq41-s7a6
16
url VCID-c3m7-fu62-2qd9
vulnerability_id VCID-c3m7-fu62-2qd9
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14232
reference_id
reference_type
scores
0
value 0.0297
scoring_system epss
scoring_elements 0.86781
published_at 2026-06-07T12:55:00Z
1
value 0.0297
scoring_system epss
scoring_elements 0.86763
published_at 2026-06-04T12:55:00Z
2
value 0.0297
scoring_system epss
scoring_elements 0.86784
published_at 2026-06-06T12:55:00Z
3
value 0.0297
scoring_system epss
scoring_elements 0.86786
published_at 2026-06-05T12:55:00Z
4
value 0.0297
scoring_system epss
scoring_elements 0.86782
published_at 2026-06-09T12:55:00Z
5
value 0.0297
scoring_system epss
scoring_elements 0.8677
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14232
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
25
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
26
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
27
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
28
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
29
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
30
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
31
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://docs.djangoproject.com/en/dev/releases/security/
32
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
33
reference_url https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
34
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
35
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml
36
reference_url https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml
37
reference_url https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
38
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
42
reference_url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
43
reference_url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
44
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://seclists.org/bugtraq/2019/Aug/15
45
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://security.gentoo.org/glsa/202004-17
46
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
47
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://security.netapp.com/advisory/ntap-20190828-0002/
48
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://www.debian.org/security/2019/dsa-4498
49
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
50
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
51
reference_url https://www.openwall.com/lists/oss-security/2023/10/04/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/10/04/6
52
reference_url http://www.openwall.com/lists/oss-security/2023/10/04/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url http://www.openwall.com/lists/oss-security/2023/10/04/6
53
reference_url http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url http://www.openwall.com/lists/oss-security/2024/03/04/1
54
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1734405
reference_id 1734405
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1734405
55
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
56
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
57
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
58
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14232
reference_id CVE-2019-14232
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14232
59
reference_url https://access.redhat.com/errata/RHSA-2020:1324
reference_id RHSA-2020:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1324
60
reference_url https://access.redhat.com/errata/RHSA-2020:4390
reference_id RHSA-2020:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4390
61
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
62
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-14232, GHSA-c4qh-4vgv-qc6g, PYSEC-2019-11
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3m7-fu62-2qd9
17
url VCID-drwp-htkk-bkfh
vulnerability_id VCID-drwp-htkk-bkfh
summary sql injection
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28347.json
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28347.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28347
reference_id
reference_type
scores
0
value 0.00748
scoring_system epss
scoring_elements 0.73481
published_at 2026-06-07T12:55:00Z
1
value 0.00748
scoring_system epss
scoring_elements 0.73453
published_at 2026-06-04T12:55:00Z
2
value 0.00748
scoring_system epss
scoring_elements 0.73489
published_at 2026-06-05T12:55:00Z
3
value 0.00748
scoring_system epss
scoring_elements 0.73494
published_at 2026-06-09T12:55:00Z
4
value 0.00748
scoring_system epss
scoring_elements 0.73469
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28347
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
9
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.0/releases/security
10
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/advisories/GHSA-w24h-v9qh-8gxj
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w24h-v9qh-8gxj
13
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
14
reference_url https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402
15
reference_url https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5
16
reference_url https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81
17
reference_url https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d
18
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml
19
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
22
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5254
23
reference_url https://www.djangoproject.com/weblog/2022/apr/11/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2022/apr/11/security-releases
24
reference_url https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
25
reference_url http://www.openwall.com/lists/oss-security/2022/04/11/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/04/11/1
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677
reference_id 1009677
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2072459
reference_id 2072459
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2072459
28
reference_url https://security.archlinux.org/ASA-202204-9
reference_id ASA-202204-9
reference_type
scores
url https://security.archlinux.org/ASA-202204-9
29
reference_url https://security.archlinux.org/AVG-2667
reference_id AVG-2667
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2667
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28347
reference_id CVE-2022-28347
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28347
31
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
32
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
33
reference_url https://access.redhat.com/errata/RHSA-2022:5602
reference_id RHSA-2022:5602
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5602
34
reference_url https://access.redhat.com/errata/RHSA-2022:5702
reference_id RHSA-2022:5702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5702
35
reference_url https://access.redhat.com/errata/RHSA-2022:5703
reference_id RHSA-2022:5703
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5703
36
reference_url https://usn.ubuntu.com/5373-1/
reference_id USN-5373-1
reference_type
scores
url https://usn.ubuntu.com/5373-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2022-28347, CVE-2022-28347, GHSA-w24h-v9qh-8gxj, PYSEC-2022-191
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drwp-htkk-bkfh
18
url VCID-e12b-tw2c-53c9
vulnerability_id VCID-e12b-tw2c-53c9
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41991
reference_id
reference_type
scores
0
value 0.0091
scoring_system epss
scoring_elements 0.76222
published_at 2026-06-05T12:55:00Z
1
value 0.0091
scoring_system epss
scoring_elements 0.7623
published_at 2026-06-09T12:55:00Z
2
value 0.0091
scoring_system epss
scoring_elements 0.76224
published_at 2026-06-06T12:55:00Z
3
value 0.0091
scoring_system epss
scoring_elements 0.76206
published_at 2026-06-08T12:55:00Z
4
value 0.0091
scoring_system epss
scoring_elements 0.76217
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41991
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927
30
reference_url https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0007
34
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
reference_id 1078074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302435
reference_id 2302435
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302435
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41991
reference_id CVE-2024-41991
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41991
39
reference_url https://github.com/advisories/GHSA-r836-hh6v-rg5g
reference_id GHSA-r836-hh6v-rg5g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r836-hh6v-rg5g
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:7987
reference_id RHSA-2024:7987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7987
43
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
44
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-41991, CVE-2024-41991, GHSA-r836-hh6v-rg5g, PYSEC-2024-69
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e12b-tw2c-53c9
19
url VCID-e8j6-mybr-17fh
vulnerability_id VCID-e8j6-mybr-17fh
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39330
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40254
published_at 2026-06-09T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.4024
published_at 2026-06-08T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.40269
published_at 2026-06-07T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40297
published_at 2026-06-06T12:55:00Z
4
value 0.00186
scoring_system epss
scoring_elements 0.40294
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39330
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
30
reference_url https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240808-0005
34
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
reference_id 1076069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295937
reference_id 2295937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295937
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39330
reference_id CVE-2024-39330
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39330
39
reference_url https://github.com/advisories/GHSA-9jmf-237g-qf46
reference_id GHSA-9jmf-237g-qf46
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jmf-237g-qf46
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
44
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
45
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-39330, CVE-2024-39330, GHSA-9jmf-237g-qf46, PYSEC-2024-58
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8j6-mybr-17fh
20
url VCID-f4a7-tcz5-byfj
vulnerability_id VCID-f4a7-tcz5-byfj
summary In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36053.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36053
reference_id
reference_type
scores
0
value 0.08919
scoring_system epss
scoring_elements 0.9273
published_at 2026-06-08T12:55:00Z
1
value 0.08919
scoring_system epss
scoring_elements 0.92742
published_at 2026-06-05T12:55:00Z
2
value 0.08919
scoring_system epss
scoring_elements 0.92737
published_at 2026-06-06T12:55:00Z
3
value 0.08919
scoring_system epss
scoring_elements 0.92745
published_at 2026-06-09T12:55:00Z
4
value 0.08919
scoring_system epss
scoring_elements 0.92732
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36053
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36053
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36053
3
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.2/releases/security
4
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/
url https://docs.djangoproject.com/en/4.2/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582
8
reference_url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd
9
reference_url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/b7c5feb35a31799de6e582ad6a5a91a9de74e0f9
10
reference_url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/beb3f3d55940d9aa7198bf9d424ab74e873aec3d
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-100.yaml
12
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/
url https://groups.google.com/forum/#%21forum/django-announce
13
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
14
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00022.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
21
reference_url https://www.debian.org/security/2023/dsa-5465
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/
url https://www.debian.org/security/2023/dsa-5465
22
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases
23
reference_url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/
url https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040225
reference_id 1040225
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040225
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2218004
reference_id 2218004
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2218004
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
reference_id CVE-2023-36053
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36053
27
reference_url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
reference_id GHSA-jh3w-4vvf-mjgr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/
reference_id NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/
29
reference_url https://access.redhat.com/errata/RHSA-2023:4692
reference_id RHSA-2023:4692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4692
30
reference_url https://access.redhat.com/errata/RHSA-2023:4693
reference_id RHSA-2023:4693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4693
31
reference_url https://access.redhat.com/errata/RHSA-2023:5931
reference_id RHSA-2023:5931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5931
32
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
33
reference_url https://access.redhat.com/errata/RHSA-2024:0212
reference_id RHSA-2024:0212
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0212
34
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
35
reference_url https://usn.ubuntu.com/6203-1/
reference_id USN-6203-1
reference_type
scores
url https://usn.ubuntu.com/6203-1/
36
reference_url https://usn.ubuntu.com/6203-2/
reference_id USN-6203-2
reference_type
scores
url https://usn.ubuntu.com/6203-2/
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/
reference_id XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
reference_id ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:03:28Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2023-36053, CVE-2023-36053, GHSA-jh3w-4vvf-mjgr, PYSEC-2023-100
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4a7-tcz5-byfj
21
url VCID-fcg9-xypn-ykhf
vulnerability_id VCID-fcg9-xypn-ykhf
summary 
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64460
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.21005
published_at 2026-06-06T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20898
published_at 2026-06-09T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20895
published_at 2026-06-08T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.21018
published_at 2026-06-05T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.20959
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64460
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
30
reference_url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
31
reference_url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
32
reference_url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
33
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-109.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-109.yaml
34
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/
url https://groups.google.com/g/django-announce
35
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
36
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
37
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788
reference_id 1121788
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788
38
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418366
reference_id 2418366
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418366
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
reference_id CVE-2025-64460
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
40
reference_url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
reference_id GHSA-vrcr-9hj9-jcg6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
41
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
42
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
43
reference_url https://access.redhat.com/errata/RHSA-2026:1497
reference_id RHSA-2026:1497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1497
44
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
45
reference_url https://access.redhat.com/errata/RHSA-2026:1599
reference_id RHSA-2026:1599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1599
46
reference_url https://access.redhat.com/errata/RHSA-2026:1609
reference_id RHSA-2026:1609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1609
47
reference_url https://usn.ubuntu.com/7903-1/
reference_id USN-7903-1
reference_type
scores
url https://usn.ubuntu.com/7903-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-64460, CVE-2025-64460, GHSA-vrcr-9hj9-jcg6, PYSEC-2025-109
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcg9-xypn-ykhf
22
url VCID-fhp8-tck4-mye4
vulnerability_id VCID-fhp8-tck4-mye4
summary In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28658.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28658.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28658
reference_id
reference_type
scores
0
value 0.01505
scoring_system epss
scoring_elements 0.81522
published_at 2026-06-07T12:55:00Z
1
value 0.01505
scoring_system epss
scoring_elements 0.81524
published_at 2026-06-06T12:55:00Z
2
value 0.01505
scoring_system epss
scoring_elements 0.81532
published_at 2026-06-09T12:55:00Z
3
value 0.01505
scoring_system epss
scoring_elements 0.81517
published_at 2026-06-08T12:55:00Z
4
value 0.01505
scoring_system epss
scoring_elements 0.81494
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28658
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28658
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28658
3
reference_url https://docs.djangoproject.com/en/3.1/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.1/releases/security
4
reference_url https://docs.djangoproject.com/en/3.1/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.1/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-xgxc-v2qg-chmh
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xgxc-v2qg-chmh
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-6.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-6.yaml
9
reference_url https://groups.google.com/g/django-announce/c/ePr5j-ngdPU
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/django-announce/c/ePr5j-ngdPU
10
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
13
reference_url https://pypi.org/project/Django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Django
14
reference_url https://security.netapp.com/advisory/ntap-20210528-0001
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210528-0001
15
reference_url https://www.djangoproject.com/weblog/2021/apr/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2021/apr/06/security-releases
16
reference_url https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986447
reference_id 986447
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986447
18
reference_url https://security.archlinux.org/AVG-1776
reference_id AVG-1776
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1776
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28658
reference_id CVE-2021-28658
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28658
20
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
21
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
22
reference_url https://access.redhat.com/errata/RHSA-2021:5070
reference_id RHSA-2021:5070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5070
23
reference_url https://usn.ubuntu.com/4902-1/
reference_id USN-4902-1
reference_type
scores
url https://usn.ubuntu.com/4902-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2021-28658, CVE-2021-28658, GHSA-xgxc-v2qg-chmh, PYSEC-2021-6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhp8-tck4-mye4
23
url VCID-fksk-pr23-2yd8
vulnerability_id VCID-fksk-pr23-2yd8
summary An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45116.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45116.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-45116
reference_id
reference_type
scores
0
value 0.00363
scoring_system epss
scoring_elements 0.58706
published_at 2026-06-04T12:55:00Z
1
value 0.00363
scoring_system epss
scoring_elements 0.58749
published_at 2026-06-09T12:55:00Z
2
value 0.00363
scoring_system epss
scoring_elements 0.58757
published_at 2026-06-06T12:55:00Z
3
value 0.00363
scoring_system epss
scoring_elements 0.58752
published_at 2026-06-05T12:55:00Z
4
value 0.00363
scoring_system epss
scoring_elements 0.58735
published_at 2026-06-08T12:55:00Z
5
value 0.00363
scoring_system epss
scoring_elements 0.5875
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-45116
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45116
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45116
3
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.0/releases/security
4
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/
url https://docs.djangoproject.com/en/4.0/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-8c5j-9r9f-c6w8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8c5j-9r9f-c6w8
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489
9
reference_url https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16
10
reference_url https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml
12
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
14
reference_url https://security.netapp.com/advisory/ntap-20220121-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220121-0005
15
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases
16
reference_url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/
url https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113
reference_id 1003113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2037025
reference_id 2037025
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2037025
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
reference_id B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45116
reference_id CVE-2021-45116
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-45116
21
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
22
reference_url https://security.netapp.com/advisory/ntap-20220121-0005/
reference_id ntap-20220121-0005
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/
url https://security.netapp.com/advisory/ntap-20220121-0005/
23
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
24
reference_url https://usn.ubuntu.com/5204-1/
reference_id USN-5204-1
reference_type
scores
url https://usn.ubuntu.com/5204-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2021-45116, CVE-2021-45116, GHSA-8c5j-9r9f-c6w8, PYSEC-2022-2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fksk-pr23-2yd8
24
url VCID-fsaw-3ta1-x3dw
vulnerability_id VCID-fsaw-3ta1-x3dw
summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27351
reference_id
reference_type
scores
0
value 0.02611
scoring_system epss
scoring_elements 0.85948
published_at 2026-06-09T12:55:00Z
1
value 0.02611
scoring_system epss
scoring_elements 0.85934
published_at 2026-06-08T12:55:00Z
2
value 0.02611
scoring_system epss
scoring_elements 0.85946
published_at 2026-06-07T12:55:00Z
3
value 0.02611
scoring_system epss
scoring_elements 0.85949
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27351
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/5.0/releases/security
26
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://docs.djangoproject.com/en/5.0/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
30
reference_url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
31
reference_url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
33
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://groups.google.com/forum/#%21forum/django-announce
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
40
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
41
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
42
reference_url http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url http://www.openwall.com/lists/oss-security/2024/03/04/1
43
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266045
reference_id 2266045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266045
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id CVE-2024-27351
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
45
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
reference_id D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
46
reference_url https://github.com/advisories/GHSA-vm8q-m57g-pff3
reference_id GHSA-vm8q-m57g-pff3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vm8q-m57g-pff3
47
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
48
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
49
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
50
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
51
reference_url https://access.redhat.com/errata/RHSA-2025:4187
reference_id RHSA-2025:4187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4187
52
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
reference_id SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
53
reference_url https://usn.ubuntu.com/6674-1/
reference_id USN-6674-1
reference_type
scores
url https://usn.ubuntu.com/6674-1/
54
reference_url https://usn.ubuntu.com/6674-2/
reference_id USN-6674-2
reference_type
scores
url https://usn.ubuntu.com/6674-2/
55
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
reference_id ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-27351, CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw
25
url VCID-g44a-m54u-97cr
vulnerability_id VCID-g44a-m54u-97cr
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14235
reference_id
reference_type
scores
0
value 0.06773
scoring_system epss
scoring_elements 0.9149
published_at 2026-06-09T12:55:00Z
1
value 0.06773
scoring_system epss
scoring_elements 0.91475
published_at 2026-06-08T12:55:00Z
2
value 0.06773
scoring_system epss
scoring_elements 0.91481
published_at 2026-06-06T12:55:00Z
3
value 0.06773
scoring_system epss
scoring_elements 0.91479
published_at 2026-06-07T12:55:00Z
4
value 0.06773
scoring_system epss
scoring_elements 0.91465
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14235
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
8
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
9
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-v9qg-3j8p-r63v
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v9qg-3j8p-r63v
12
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml
14
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
17
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/15
18
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
19
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
20
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
21
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4498
22
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
23
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1734422
reference_id 1734422
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1734422
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
26
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
27
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14235
reference_id CVE-2019-14235
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14235
29
reference_url https://access.redhat.com/errata/RHSA-2020:1324
reference_id RHSA-2020:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1324
30
reference_url https://access.redhat.com/errata/RHSA-2020:4390
reference_id RHSA-2020:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4390
31
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-14235, GHSA-v9qg-3j8p-r63v, PYSEC-2019-14
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g44a-m54u-97cr
26
url VCID-gfar-wbzc-3ubr
vulnerability_id VCID-gfar-wbzc-3ubr
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14233.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14233.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14233
reference_id
reference_type
scores
0
value 0.06773
scoring_system epss
scoring_elements 0.9149
published_at 2026-06-09T12:55:00Z
1
value 0.06773
scoring_system epss
scoring_elements 0.91475
published_at 2026-06-08T12:55:00Z
2
value 0.06773
scoring_system epss
scoring_elements 0.91481
published_at 2026-06-06T12:55:00Z
3
value 0.06773
scoring_system epss
scoring_elements 0.91479
published_at 2026-06-07T12:55:00Z
4
value 0.06773
scoring_system epss
scoring_elements 0.91465
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14233
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
8
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
9
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-h5jv-4p7w-64jg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h5jv-4p7w-64jg
12
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml
14
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
17
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/15
18
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
19
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
20
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
21
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4498
22
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
23
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1734410
reference_id 1734410
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1734410
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
26
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
27
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14233
reference_id CVE-2019-14233
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14233
29
reference_url https://access.redhat.com/errata/RHSA-2020:1324
reference_id RHSA-2020:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1324
30
reference_url https://access.redhat.com/errata/RHSA-2020:4390
reference_id RHSA-2020:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4390
31
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-14233, GHSA-h5jv-4p7w-64jg, PYSEC-2019-12
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfar-wbzc-3ubr
27
url VCID-hh9b-52xn-z7a9
vulnerability_id VCID-hh9b-52xn-z7a9
summary An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24584.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24584.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24584
reference_id
reference_type
scores
0
value 0.02755
scoring_system epss
scoring_elements 0.86305
published_at 2026-06-06T12:55:00Z
1
value 0.02755
scoring_system epss
scoring_elements 0.86289
published_at 2026-06-08T12:55:00Z
2
value 0.02755
scoring_system epss
scoring_elements 0.86301
published_at 2026-06-07T12:55:00Z
3
value 0.02755
scoring_system epss
scoring_elements 0.86303
published_at 2026-06-09T12:55:00Z
4
value 0.02755
scoring_system epss
scoring_elements 0.86282
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24584
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24584
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24584
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-fr28-569j-53c4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fr28-569j-53c4
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71
9
reference_url https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b
10
reference_url https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f
11
reference_url https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-34.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-34.yaml
13
reference_url https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
14
reference_url https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
21
reference_url https://security.netapp.com/advisory/ntap-20200918-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200918-0004
22
reference_url https://security.netapp.com/advisory/ntap-20200918-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200918-0004/
23
reference_url https://usn.ubuntu.com/4479-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4479-1
24
reference_url https://usn.ubuntu.com/4479-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4479-1/
25
reference_url https://www.djangoproject.com/weblog/2020/sep/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/sep/01/security-releases
26
reference_url https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
27
reference_url https://www.openwall.com/lists/oss-security/2020/09/01/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/09/01/2
28
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1874492
reference_id 1874492
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1874492
30
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969367
reference_id 969367
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969367
31
reference_url https://security.archlinux.org/ASA-202009-4
reference_id ASA-202009-4
reference_type
scores
url https://security.archlinux.org/ASA-202009-4
32
reference_url https://security.archlinux.org/AVG-1217
reference_id AVG-1217
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1217
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24584
reference_id CVE-2020-24584
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-24584
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2020-24584, CVE-2020-24584, GHSA-fr28-569j-53c4, PYSEC-2020-34
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hh9b-52xn-z7a9
28
url VCID-j81e-su1y-tqa6
vulnerability_id VCID-j81e-su1y-tqa6
summary In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31542.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31542.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31542
reference_id
reference_type
scores
0
value 0.04357
scoring_system epss
scoring_elements 0.89146
published_at 2026-06-07T12:55:00Z
1
value 0.04357
scoring_system epss
scoring_elements 0.89163
published_at 2026-06-09T12:55:00Z
2
value 0.04357
scoring_system epss
scoring_elements 0.89129
published_at 2026-06-04T12:55:00Z
3
value 0.04357
scoring_system epss
scoring_elements 0.89147
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31542
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542
3
reference_url https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.2/releases/security
4
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-rxjp-mfm9-w4wr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rxjp-mfm9-w4wr
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d
9
reference_url https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48
10
reference_url https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-7.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-7.yaml
12
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21forum/django-announce
13
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
14
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
20
reference_url https://security.netapp.com/advisory/ntap-20210618-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210618-0001
21
reference_url https://www.djangoproject.com/weblog/2021/may/04/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2021/may/04/security-releases
22
reference_url https://www.djangoproject.com/weblog/2021/may/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/may/04/security-releases/
23
reference_url http://www.openwall.com/lists/oss-security/2021/05/04/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/04/3
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1954294
reference_id 1954294
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1954294
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988053
reference_id 988053
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988053
26
reference_url https://security.archlinux.org/AVG-1910
reference_id AVG-1910
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1910
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31542
reference_id CVE-2021-31542
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31542
28
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
29
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
30
reference_url https://access.redhat.com/errata/RHSA-2021:5070
reference_id RHSA-2021:5070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5070
31
reference_url https://usn.ubuntu.com/4932-1/
reference_id USN-4932-1
reference_type
scores
url https://usn.ubuntu.com/4932-1/
32
reference_url https://usn.ubuntu.com/4932-2/
reference_id USN-4932-2
reference_type
scores
url https://usn.ubuntu.com/4932-2/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2021-31542, CVE-2021-31542, GHSA-rxjp-mfm9-w4wr, PYSEC-2021-7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j81e-su1y-tqa6
29
url VCID-jgv9-vdbm-sycd
vulnerability_id VCID-jgv9-vdbm-sycd
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41989
reference_id
reference_type
scores
0
value 0.01386
scoring_system epss
scoring_elements 0.8069
published_at 2026-06-05T12:55:00Z
1
value 0.01386
scoring_system epss
scoring_elements 0.80705
published_at 2026-06-09T12:55:00Z
2
value 0.01386
scoring_system epss
scoring_elements 0.80693
published_at 2026-06-06T12:55:00Z
3
value 0.01386
scoring_system epss
scoring_elements 0.80685
published_at 2026-06-08T12:55:00Z
4
value 0.01386
scoring_system epss
scoring_elements 0.80689
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41989
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8
30
reference_url https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0007
34
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
reference_id 1078074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302433
reference_id 2302433
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302433
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41989
reference_id CVE-2024-41989
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41989
39
reference_url https://github.com/advisories/GHSA-jh75-99hh-qvx9
reference_id GHSA-jh75-99hh-qvx9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh75-99hh-qvx9
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8534
reference_id RHSA-2024:8534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8534
43
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
44
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-41989, CVE-2024-41989, GHSA-jh75-99hh-qvx9, PYSEC-2024-67
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgv9-vdbm-sycd
30
url VCID-jybd-p65h-xffy
vulnerability_id VCID-jybd-p65h-xffy
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13473.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13473
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11543
published_at 2026-06-08T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11659
published_at 2026-06-06T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11552
published_at 2026-06-09T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.11626
published_at 2026-06-07T12:55:00Z
4
value 0.00038
scoring_system epss
scoring_elements 0.11662
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13473
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-42.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-42.yaml
8
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/
url https://groups.google.com/g/django-announce
9
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
10
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:19:11Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436343
reference_id 2436343
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436343
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
reference_id CVE-2025-13473
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13473
14
reference_url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
reference_id GHSA-2mcm-79hx-8fxw
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2mcm-79hx-8fxw
15
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-13473, CVE-2025-13473, GHSA-2mcm-79hx-8fxw, PYSEC-2026-42
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jybd-p65h-xffy
31
url VCID-m1dr-sjmw-jfd2
vulnerability_id VCID-m1dr-sjmw-jfd2
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41323.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41323.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41323
reference_id
reference_type
scores
0
value 0.16325
scoring_system epss
scoring_elements 0.94991
published_at 2026-06-09T12:55:00Z
1
value 0.16325
scoring_system epss
scoring_elements 0.94974
published_at 2026-06-04T12:55:00Z
2
value 0.16325
scoring_system epss
scoring_elements 0.94982
published_at 2026-06-05T12:55:00Z
3
value 0.16325
scoring_system epss
scoring_elements 0.94984
published_at 2026-06-06T12:55:00Z
4
value 0.16325
scoring_system epss
scoring_elements 0.94986
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41323
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
9
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.0/releases/security
10
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/
url https://docs.djangoproject.com/en/4.0/releases/security/
11
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
12
reference_url https://github.com/django/django/commit/23f0093125ac2e553da6c1b2f9988eb6a3dd2ea1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/23f0093125ac2e553da6c1b2f9988eb6a3dd2ea1
13
reference_url https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/
url https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924
14
reference_url https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25
15
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-304.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-304.yaml
16
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41323
23
reference_url https://security.netapp.com/advisory/ntap-20221124-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221124-0001
24
reference_url https://www.djangoproject.com/weblog/2022/oct/04/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2022/oct/04/security-releases
25
reference_url https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/
url https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2136130
reference_id 2136130
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2136130
27
reference_url https://security.archlinux.org/AVG-2809
reference_id AVG-2809
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2809
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/
reference_id FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/
29
reference_url https://github.com/advisories/GHSA-qrw5-5h28-6cmg
reference_id GHSA-qrw5-5h28-6cmg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrw5-5h28-6cmg
30
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
reference_id HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
reference_id LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
33
reference_url https://security.netapp.com/advisory/ntap-20221124-0001/
reference_id ntap-20221124-0001
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/
url https://security.netapp.com/advisory/ntap-20221124-0001/
34
reference_url https://access.redhat.com/errata/RHSA-2023:0742
reference_id RHSA-2023:0742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0742
35
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
36
reference_url https://usn.ubuntu.com/5653-1/
reference_id USN-5653-1
reference_type
scores
url https://usn.ubuntu.com/5653-1/
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/
reference_id VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/
reference_id YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:39:15Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2022-41323, CVE-2022-41323, GHSA-qrw5-5h28-6cmg, PYSEC-2022-304
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m1dr-sjmw-jfd2
32
url VCID-m33h-4p9q-63fb
vulnerability_id VCID-m33h-4p9q-63fb
summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
reference_id
reference_type
scores
0
value 0.0279
scoring_system epss
scoring_elements 0.86379
published_at 2026-06-09T12:55:00Z
1
value 0.0279
scoring_system epss
scoring_elements 0.86366
published_at 2026-06-08T12:55:00Z
2
value 0.0279
scoring_system epss
scoring_elements 0.86378
published_at 2026-06-07T12:55:00Z
3
value 0.0279
scoring_system epss
scoring_elements 0.86382
published_at 2026-06-06T12:55:00Z
4
value 0.0279
scoring_system epss
scoring_elements 0.86381
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.2/releases/security
26
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
30
reference_url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
31
reference_url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
33
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21forum/django-announce
34
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
39
reference_url https://security.netapp.com/advisory/ntap-20231221-0001
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231221-0001
40
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
41
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
42
reference_url http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/03/04/1
43
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475
reference_id 1053475
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475
44
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2241046
reference_id 2241046
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2241046
45
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
reference_id CVE-2023-43665
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
46
reference_url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
reference_id GHSA-h8gc-pgj2-vjm3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
47
reference_url https://access.redhat.com/errata/RHSA-2023:6158
reference_id RHSA-2023:6158
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6158
48
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
49
reference_url https://usn.ubuntu.com/6414-1/
reference_id USN-6414-1
reference_type
scores
url https://usn.ubuntu.com/6414-1/
50
reference_url https://usn.ubuntu.com/6414-2/
reference_id USN-6414-2
reference_type
scores
url https://usn.ubuntu.com/6414-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2023-43665, CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m33h-4p9q-63fb
33
url VCID-m4wa-xv9b-q7ce
vulnerability_id VCID-m4wa-xv9b-q7ce
summary Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9402.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9402.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9402
reference_id
reference_type
scores
0
value 0.84997
scoring_system epss
scoring_elements 0.99367
published_at 2026-06-09T12:55:00Z
1
value 0.84997
scoring_system epss
scoring_elements 0.99366
published_at 2026-06-08T12:55:00Z
2
value 0.84997
scoring_system epss
scoring_elements 0.99365
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9402
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402
3
reference_url https://docs.djangoproject.com/en/3.0/releases/security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/releases/security
4
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://docs.djangoproject.com/en/3.0/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-3gh2-xw74-jmcw
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3gh2-xw74-jmcw
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/6695d29b1c1ce979725816295a26ecc64ae0e927
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6695d29b1c1ce979725816295a26ecc64ae0e927
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-345.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-345.yaml
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-36.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-36.yaml
11
reference_url https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21topic/django-announce/fLUh_pOaKrY
12
reference_url https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/fLUh_pOaKrY
13
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00035.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZMN2NKAGTFE3YKMNM2JVJG7R2W7LLHY
21
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
22
reference_url https://security.netapp.com/advisory/ntap-20200327-0004
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200327-0004
23
reference_url https://security.netapp.com/advisory/ntap-20200327-0004/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://security.netapp.com/advisory/ntap-20200327-0004/
24
reference_url https://usn.ubuntu.com/4296-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4296-1
25
reference_url https://usn.ubuntu.com/4296-1/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://usn.ubuntu.com/4296-1/
26
reference_url https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4705
27
reference_url https://www.djangoproject.com/weblog/2020/mar/04/security-releases
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/mar/04/security-releases
28
reference_url https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1810088
reference_id 1810088
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1810088
30
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953102
reference_id 953102
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953102
31
reference_url https://security.archlinux.org/ASA-202003-5
reference_id ASA-202003-5
reference_type
scores
url https://security.archlinux.org/ASA-202003-5
32
reference_url https://security.archlinux.org/AVG-1111
reference_id AVG-1111
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1111
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9402
reference_id CVE-2020-9402
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9402
34
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2020-9402, CVE-2020-9402, GHSA-3gh2-xw74-jmcw, PYSEC-2020-345, PYSEC-2020-36
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4wa-xv9b-q7ce
34
url VCID-n2v7-jqjy-37bc
vulnerability_id VCID-n2v7-jqjy-37bc
summary 
Django vulnerable to partial directory traversal via archives
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59682
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04748
published_at 2026-06-05T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05415
published_at 2026-06-09T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05411
published_at 2026-06-07T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05371
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59682
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
29
reference_url https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:10:29Z/
url https://groups.google.com/g/django-announce
31
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
32
reference_url http://www.openwall.com/lists/oss-security/2025/10/01/3
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/10/01/3
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
reference_id 1116979
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2400450
reference_id 2400450
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2400450
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59682
reference_id CVE-2025-59682
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59682
36
reference_url https://github.com/advisories/GHSA-q95w-c7qg-hrff
reference_id GHSA-q95w-c7qg-hrff
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q95w-c7qg-hrff
37
reference_url https://access.redhat.com/errata/RHSA-2025:18979
reference_id RHSA-2025:18979
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18979
38
reference_url https://access.redhat.com/errata/RHSA-2025:18984
reference_id RHSA-2025:18984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18984
39
reference_url https://access.redhat.com/errata/RHSA-2025:19201
reference_id RHSA-2025:19201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19201
40
reference_url https://access.redhat.com/errata/RHSA-2025:19221
reference_id RHSA-2025:19221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19221
41
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
42
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
43
reference_url https://usn.ubuntu.com/7794-1/
reference_id USN-7794-1
reference_type
scores
url https://usn.ubuntu.com/7794-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases CVE-2025-59682, GHSA-q95w-c7qg-hrff
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2v7-jqjy-37bc
35
url VCID-n9vn-4uxr-hkau
vulnerability_id VCID-n9vn-4uxr-hkau
summary In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44420.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44420.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44420
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.3051
published_at 2026-06-06T12:55:00Z
1
value 0.0012
scoring_system epss
scoring_elements 0.30544
published_at 2026-06-05T12:55:00Z
2
value 0.0012
scoring_system epss
scoring_elements 0.30471
published_at 2026-06-04T12:55:00Z
3
value 0.00131
scoring_system epss
scoring_elements 0.32159
published_at 2026-06-08T12:55:00Z
4
value 0.00131
scoring_system epss
scoring_elements 0.32182
published_at 2026-06-09T12:55:00Z
5
value 0.00131
scoring_system epss
scoring_elements 0.32189
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44420
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44420
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44420
3
reference_url https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.2/releases/security
4
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-v6rh-hp5x-86rv
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v6rh-hp5x-86rv
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml
10
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
12
reference_url https://security.netapp.com/advisory/ntap-20211229-0006
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20211229-0006
13
reference_url https://www.djangoproject.com/weblog/2021/dec/07/security-releases
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2021/dec/07/security-releases
14
reference_url https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
15
reference_url https://www.openwall.com/lists/oss-security/2021/12/07/1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2021/12/07/1
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2028178
reference_id 2028178
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2028178
17
reference_url https://security.archlinux.org/AVG-2605
reference_id AVG-2605
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2605
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44420
reference_id CVE-2021-44420
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44420
19
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
20
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
21
reference_url https://access.redhat.com/errata/RHSA-2023:0742
reference_id RHSA-2023:0742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0742
22
reference_url https://usn.ubuntu.com/5178-1/
reference_id USN-5178-1
reference_type
scores
url https://usn.ubuntu.com/5178-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2021-44420, CVE-2021-44420, GHSA-v6rh-hp5x-86rv, PYSEC-2021-439
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9vn-4uxr-hkau
36
url VCID-na9w-xkvx-cbhd
vulnerability_id VCID-na9w-xkvx-cbhd
summary An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13254.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13254.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13254
reference_id
reference_type
scores
0
value 0.04713
scoring_system epss
scoring_elements 0.89562
published_at 2026-06-04T12:55:00Z
1
value 0.04713
scoring_system epss
scoring_elements 0.89595
published_at 2026-06-09T12:55:00Z
2
value 0.04713
scoring_system epss
scoring_elements 0.89576
published_at 2026-06-07T12:55:00Z
3
value 0.04713
scoring_system epss
scoring_elements 0.89578
published_at 2026-06-08T12:55:00Z
4
value 0.04713
scoring_system epss
scoring_elements 0.89579
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13254
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596
4
reference_url https://docs.djangoproject.com/en/3.0/releases/security
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/releases/security
5
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
6
reference_url https://github.com/advisories/GHSA-wpjr-j57x-wxfw
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-wpjr-j57x-wxfw
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206
9
reference_url https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-31.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-31.yaml
11
reference_url https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
12
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
15
reference_url https://security.netapp.com/advisory/ntap-20200611-0002
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200611-0002
16
reference_url https://security.netapp.com/advisory/ntap-20200611-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200611-0002/
17
reference_url https://usn.ubuntu.com/4381-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4381-1
18
reference_url https://usn.ubuntu.com/4381-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-1/
19
reference_url https://usn.ubuntu.com/4381-2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4381-2
20
reference_url https://usn.ubuntu.com/4381-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-2/
21
reference_url https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4705
22
reference_url https://www.djangoproject.com/weblog/2020/jun/03/security-releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/jun/03/security-releases
23
reference_url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
24
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843614
reference_id 1843614
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843614
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323
reference_id 962323
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323
27
reference_url https://security.archlinux.org/ASA-202006-8
reference_id ASA-202006-8
reference_type
scores
url https://security.archlinux.org/ASA-202006-8
28
reference_url https://security.archlinux.org/AVG-1176
reference_id AVG-1176
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1176
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13254
reference_id CVE-2020-13254
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13254
30
reference_url https://access.redhat.com/errata/RHSA-2021:0915
reference_id RHSA-2021:0915
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0915
31
reference_url https://access.redhat.com/errata/RHSA-2021:0933
reference_id RHSA-2021:0933
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0933
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2020-13254, CVE-2020-13254, GHSA-wpjr-j57x-wxfw, PYSEC-2020-31
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-na9w-xkvx-cbhd
37
url VCID-nss9-1yrb-x7f2
vulnerability_id VCID-nss9-1yrb-x7f2
summary sql injection
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28346.json
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28346.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-28346
reference_id
reference_type
scores
0
value 0.01971
scoring_system epss
scoring_elements 0.83862
published_at 2026-06-04T12:55:00Z
1
value 0.01971
scoring_system epss
scoring_elements 0.83888
published_at 2026-06-09T12:55:00Z
2
value 0.01971
scoring_system epss
scoring_elements 0.83885
published_at 2026-06-05T12:55:00Z
3
value 0.01971
scoring_system epss
scoring_elements 0.83874
published_at 2026-06-08T12:55:00Z
4
value 0.01971
scoring_system epss
scoring_elements 0.83883
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-28346
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323
9
reference_url https://docs.djangoproject.com/en/4.0/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.0/releases/security
10
reference_url https://docs.djangoproject.com/en/4.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.0/releases/security/
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/advisories/GHSA-2gwj-7jmv-h26r
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2gwj-7jmv-h26r
13
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
14
reference_url https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48
15
reference_url https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d
16
reference_url https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60
17
reference_url https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200
18
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml
19
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
20
reference_url https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI
23
reference_url https://security.netapp.com/advisory/ntap-20220609-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220609-0002
24
reference_url https://www.debian.org/security/2022/dsa-5254
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5254
25
reference_url https://www.djangoproject.com/weblog/2022/apr/11/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2022/apr/11/security-releases
26
reference_url https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
27
reference_url http://www.openwall.com/lists/oss-security/2022/04/11/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/04/11/1
28
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677
reference_id 1009677
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677
29
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2072447
reference_id 2072447
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2072447
30
reference_url https://security.archlinux.org/ASA-202204-9
reference_id ASA-202204-9
reference_type
scores
url https://security.archlinux.org/ASA-202204-9
31
reference_url https://security.archlinux.org/AVG-2667
reference_id AVG-2667
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2667
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-28346
reference_id CVE-2022-28346
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-28346
33
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
34
reference_url https://access.redhat.com/errata/RHSA-2022:5115
reference_id RHSA-2022:5115
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5115
35
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
36
reference_url https://access.redhat.com/errata/RHSA-2022:5602
reference_id RHSA-2022:5602
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5602
37
reference_url https://access.redhat.com/errata/RHSA-2022:5702
reference_id RHSA-2022:5702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5702
38
reference_url https://access.redhat.com/errata/RHSA-2022:5703
reference_id RHSA-2022:5703
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5703
39
reference_url https://access.redhat.com/errata/RHSA-2022:8872
reference_id RHSA-2022:8872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8872
40
reference_url https://usn.ubuntu.com/5373-1/
reference_id USN-5373-1
reference_type
scores
url https://usn.ubuntu.com/5373-1/
41
reference_url https://usn.ubuntu.com/5373-2/
reference_id USN-5373-2
reference_type
scores
url https://usn.ubuntu.com/5373-2/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2022-28346, CVE-2022-28346, GHSA-2gwj-7jmv-h26r, PYSEC-2022-190
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nss9-1yrb-x7f2
38
url VCID-pa7y-gpwp-6qgj
vulnerability_id VCID-pa7y-gpwp-6qgj
summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56374
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24549
published_at 2026-06-09T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24539
published_at 2026-06-08T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.24664
published_at 2026-06-05T12:55:00Z
3
value 0.00084
scoring_system epss
scoring_elements 0.24598
published_at 2026-06-07T12:55:00Z
4
value 0.00084
scoring_system epss
scoring_elements 0.24654
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56374
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe
30
reference_url https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e
31
reference_url https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf
32
reference_url https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455
33
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml
34
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/
url https://groups.google.com/g/django-announce
35
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html
36
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases
37
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
38
reference_url http://www.openwall.com/lists/oss-security/2025/01/14/2
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/01/14/2
39
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049
reference_id 1093049
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049
40
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2337996
reference_id 2337996
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2337996
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56374
reference_id CVE-2024-56374
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56374
42
reference_url https://github.com/advisories/GHSA-qcgg-j2x8-h9g8
reference_id GHSA-qcgg-j2x8-h9g8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcgg-j2x8-h9g8
43
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
44
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
45
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
46
reference_url https://access.redhat.com/errata/RHSA-2025:0782
reference_id RHSA-2025:0782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0782
47
reference_url https://access.redhat.com/errata/RHSA-2025:2399
reference_id RHSA-2025:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2399
48
reference_url https://access.redhat.com/errata/RHSA-2025:4576
reference_id RHSA-2025:4576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4576
49
reference_url https://usn.ubuntu.com/7205-1/
reference_id USN-7205-1
reference_type
scores
url https://usn.ubuntu.com/7205-1/
50
reference_url https://usn.ubuntu.com/7205-2/
reference_id USN-7205-2
reference_type
scores
url https://usn.ubuntu.com/7205-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-56374, CVE-2024-56374, GHSA-qcgg-j2x8-h9g8, PYSEC-2025-1
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj
39
url VCID-pgtx-cdua-kfb4
vulnerability_id VCID-pgtx-cdua-kfb4
summary Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19118.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19118.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19118
reference_id
reference_type
scores
0
value 0.00354
scoring_system epss
scoring_elements 0.57984
published_at 2026-06-04T12:55:00Z
1
value 0.00354
scoring_system epss
scoring_elements 0.58036
published_at 2026-06-09T12:55:00Z
2
value 0.00354
scoring_system epss
scoring_elements 0.58035
published_at 2026-06-05T12:55:00Z
3
value 0.00354
scoring_system epss
scoring_elements 0.58019
published_at 2026-06-08T12:55:00Z
4
value 0.00354
scoring_system epss
scoring_elements 0.58033
published_at 2026-06-07T12:55:00Z
5
value 0.00354
scoring_system epss
scoring_elements 0.58044
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19118
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19118
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19118
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://github.com/advisories/GHSA-hvmf-r92r-27hr
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hvmf-r92r-27hr
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244
8
reference_url https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-15.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-15.yaml
10
reference_url https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/
13
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
14
reference_url https://security.netapp.com/advisory/ntap-20191217-0003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191217-0003
15
reference_url https://security.netapp.com/advisory/ntap-20191217-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191217-0003/
16
reference_url https://www.djangoproject.com/weblog/2019/dec/02/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/dec/02/security-releases
17
reference_url https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
18
reference_url http://www.openwall.com/lists/oss-security/2019/12/02/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/02/1
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1781269
reference_id 1781269
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1781269
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946011
reference_id 946011
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946011
21
reference_url https://security.archlinux.org/AVG-1070
reference_id AVG-1070
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1070
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19118
reference_id CVE-2019-19118
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19118
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-19118, GHSA-hvmf-r92r-27hr, PYSEC-2019-15
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgtx-cdua-kfb4
40
url VCID-q8r2-m9s6-rbek
vulnerability_id VCID-q8r2-m9s6-rbek
summary In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3281.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3281.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3281
reference_id
reference_type
scores
0
value 0.41482
scoring_system epss
scoring_elements 0.9749
published_at 2026-06-08T12:55:00Z
1
value 0.41482
scoring_system epss
scoring_elements 0.97491
published_at 2026-06-09T12:55:00Z
2
value 0.41482
scoring_system epss
scoring_elements 0.97488
published_at 2026-06-07T12:55:00Z
3
value 0.41482
scoring_system epss
scoring_elements 0.97482
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3281
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3281
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3281
3
reference_url https://docs.djangoproject.com/en/3.1/releases/3.0.12
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.1/releases/3.0.12
4
reference_url https://docs.djangoproject.com/en/3.1/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.1/releases/security
5
reference_url https://docs.djangoproject.com/en/3.1/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.1/releases/security/
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-fvgf-6h6h-3322
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fvgf-6h6h-3322
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624
10
reference_url https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23
11
reference_url https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37
12
reference_url https://github.com/django/django/commit/52e409ed17287e9aabda847b6afe58be2fa9f86a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/52e409ed17287e9aabda847b6afe58be2fa9f86a
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-9.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-9.yaml
14
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/
17
reference_url https://security.netapp.com/advisory/ntap-20210226-0004
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210226-0004
18
reference_url https://security.netapp.com/advisory/ntap-20210226-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210226-0004/
19
reference_url https://www.djangoproject.com/weblog/2021/feb/01/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2021/feb/01/security-releases
20
reference_url https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1919969
reference_id 1919969
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1919969
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981562
reference_id 981562
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981562
23
reference_url https://security.archlinux.org/ASA-202102-18
reference_id ASA-202102-18
reference_type
scores
url https://security.archlinux.org/ASA-202102-18
24
reference_url https://security.archlinux.org/AVG-1518
reference_id AVG-1518
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1518
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3281
reference_id CVE-2021-3281
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3281
26
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
27
reference_url https://access.redhat.com/errata/RHSA-2021:0780
reference_id RHSA-2021:0780
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0780
28
reference_url https://access.redhat.com/errata/RHSA-2021:0781
reference_id RHSA-2021:0781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0781
29
reference_url https://access.redhat.com/errata/RHSA-2021:3490
reference_id RHSA-2021:3490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3490
30
reference_url https://access.redhat.com/errata/RHSA-2021:5070
reference_id RHSA-2021:5070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5070
31
reference_url https://usn.ubuntu.com/4715-1/
reference_id USN-4715-1
reference_type
scores
url https://usn.ubuntu.com/4715-1/
32
reference_url https://usn.ubuntu.com/4715-2/
reference_id USN-4715-2
reference_type
scores
url https://usn.ubuntu.com/4715-2/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2021-3281, CVE-2021-3281, GHSA-fvgf-6h6h-3322, PYSEC-2021-9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8r2-m9s6-rbek
41
url VCID-qgp1-4efd-6yg6
vulnerability_id VCID-qgp1-4efd-6yg6
summary In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61451
published_at 2026-06-06T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.6144
published_at 2026-06-09T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61444
published_at 2026-06-05T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.6142
published_at 2026-06-08T12:55:00Z
4
value 0.00406
scoring_system epss
scoring_elements 0.61437
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.2/releases/security
26
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
30
reference_url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
31
reference_url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
33
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21forum/django-announce
34
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
39
reference_url https://security.netapp.com/advisory/ntap-20231214-0002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0002
40
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
41
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
42
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226
reference_id 1051226
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226
43
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2237258
reference_id 2237258
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2237258
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
reference_id CVE-2023-41164
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
45
reference_url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
reference_id GHSA-7h4p-27mh-hmrw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
46
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
47
reference_url https://access.redhat.com/errata/RHSA-2023:5208
reference_id RHSA-2023:5208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5208
48
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
49
reference_url https://usn.ubuntu.com/6378-1/
reference_id USN-6378-1
reference_type
scores
url https://usn.ubuntu.com/6378-1/
50
reference_url https://usn.ubuntu.com/6414-2/
reference_id USN-6414-2
reference_type
scores
url https://usn.ubuntu.com/6414-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2023-41164, CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgp1-4efd-6yg6
42
url VCID-qvfs-2v1h-p3h4
vulnerability_id VCID-qvfs-2v1h-p3h4
summary An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24583.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24583.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24583
reference_id
reference_type
scores
0
value 0.02869
scoring_system epss
scoring_elements 0.86557
published_at 2026-06-09T12:55:00Z
1
value 0.02869
scoring_system epss
scoring_elements 0.86559
published_at 2026-06-05T12:55:00Z
2
value 0.02869
scoring_system epss
scoring_elements 0.8656
published_at 2026-06-06T12:55:00Z
3
value 0.02869
scoring_system epss
scoring_elements 0.86537
published_at 2026-06-04T12:55:00Z
4
value 0.02869
scoring_system epss
scoring_elements 0.86544
published_at 2026-06-08T12:55:00Z
5
value 0.02869
scoring_system epss
scoring_elements 0.86555
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24583
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24583
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24583
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-m6gj-h9gm-gw44
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-m6gj-h9gm-gw44
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-33.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-33.yaml
10
reference_url https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
11
reference_url https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/
18
reference_url https://security.netapp.com/advisory/ntap-20200918-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200918-0004
19
reference_url https://security.netapp.com/advisory/ntap-20200918-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200918-0004/
20
reference_url https://usn.ubuntu.com/4479-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4479-1
21
reference_url https://usn.ubuntu.com/4479-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4479-1/
22
reference_url https://www.djangoproject.com/weblog/2020/sep/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/sep/01/security-releases
23
reference_url https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/sep/01/security-releases/
24
reference_url https://www.openwall.com/lists/oss-security/2020/09/01/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/09/01/2
25
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1874485
reference_id 1874485
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1874485
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969367
reference_id 969367
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969367
28
reference_url https://security.archlinux.org/ASA-202009-4
reference_id ASA-202009-4
reference_type
scores
url https://security.archlinux.org/ASA-202009-4
29
reference_url https://security.archlinux.org/AVG-1217
reference_id AVG-1217
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1217
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24583
reference_id CVE-2020-24583
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-24583
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2020-24583, CVE-2020-24583, GHSA-m6gj-h9gm-gw44, PYSEC-2020-33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvfs-2v1h-p3h4
43
url VCID-qy1a-x3ff-4bc8
vulnerability_id VCID-qy1a-x3ff-4bc8
summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26699
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52425
published_at 2026-06-09T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52403
published_at 2026-06-08T12:55:00Z
2
value 0.00287
scoring_system epss
scoring_elements 0.52443
published_at 2026-06-05T12:55:00Z
3
value 0.00287
scoring_system epss
scoring_elements 0.52431
published_at 2026-06-07T12:55:00Z
4
value 0.00287
scoring_system epss
scoring_elements 0.52451
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26699
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/
url https://groups.google.com/g/django-announce
31
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
32
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases
33
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
34
reference_url http://www.openwall.com/lists/oss-security/2025/03/06/12
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/03/06/12
35
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682
reference_id 1099682
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2348993
reference_id 2348993
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2348993
37
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26699
reference_id CVE-2025-26699
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26699
38
reference_url https://github.com/advisories/GHSA-p3fp-8748-vqfq
reference_id GHSA-p3fp-8748-vqfq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p3fp-8748-vqfq
39
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
40
reference_url https://access.redhat.com/errata/RHSA-2025:3160
reference_id RHSA-2025:3160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3160
41
reference_url https://access.redhat.com/errata/RHSA-2025:3162
reference_id RHSA-2025:3162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3162
42
reference_url https://access.redhat.com/errata/RHSA-2025:3709
reference_id RHSA-2025:3709
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3709
43
reference_url https://access.redhat.com/errata/RHSA-2025:4553
reference_id RHSA-2025:4553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4553
44
reference_url https://access.redhat.com/errata/RHSA-2025:8609
reference_id RHSA-2025:8609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8609
45
reference_url https://usn.ubuntu.com/7335-1/
reference_id USN-7335-1
reference_type
scores
url https://usn.ubuntu.com/7335-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-26699, CVE-2025-26699, GHSA-p3fp-8748-vqfq, PYSEC-2025-13
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8
44
url VCID-s1rj-1xbw-fbg5
vulnerability_id VCID-s1rj-1xbw-fbg5
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39614
reference_id
reference_type
scores
0
value 0.06838
scoring_system epss
scoring_elements 0.9153
published_at 2026-06-09T12:55:00Z
1
value 0.06838
scoring_system epss
scoring_elements 0.91515
published_at 2026-06-08T12:55:00Z
2
value 0.06838
scoring_system epss
scoring_elements 0.91518
published_at 2026-06-07T12:55:00Z
3
value 0.06838
scoring_system epss
scoring_elements 0.91521
published_at 2026-06-06T12:55:00Z
4
value 0.06838
scoring_system epss
scoring_elements 0.91519
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39614
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
30
reference_url https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240808-0005
34
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
reference_id 1076069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295938
reference_id 2295938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295938
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39614
reference_id CVE-2024-39614
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39614
39
reference_url https://github.com/advisories/GHSA-f6f8-9mx6-9mx2
reference_id GHSA-f6f8-9mx6-9mx2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f6f8-9mx6-9mx2
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
44
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
45
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
46
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-39614, CVE-2024-39614, GHSA-f6f8-9mx6-9mx2, PYSEC-2024-59
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1rj-1xbw-fbg5
45
url VCID-shch-yusm-1uck
vulnerability_id VCID-shch-yusm-1uck
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1285
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.2349
published_at 2026-06-06T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23394
published_at 2026-06-09T12:55:00Z
2
value 0.00079
scoring_system epss
scoring_elements 0.23389
published_at 2026-06-08T12:55:00Z
3
value 0.00079
scoring_system epss
scoring_elements 0.23503
published_at 2026-06-05T12:55:00Z
4
value 0.00079
scoring_system epss
scoring_elements 0.23443
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1285
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-45.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-45.yaml
9
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/
url https://groups.google.com/g/django-announce
10
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
11
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436340
reference_id 2436340
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436340
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
reference_id CVE-2026-1285
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1285
15
reference_url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
reference_id GHSA-4rrr-2h4v-f3j9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4rrr-2h4v-f3j9
16
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
17
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
18
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
19
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
20
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
21
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2026-1285, CVE-2026-1285, GHSA-4rrr-2h4v-f3j9, PYSEC-2026-45
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shch-yusm-1uck
46
url VCID-shjc-2j68-2yfy
vulnerability_id VCID-shjc-2j68-2yfy
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1312
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.0203
published_at 2026-06-07T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02033
published_at 2026-06-05T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.0201
published_at 2026-06-09T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02041
published_at 2026-06-06T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02016
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1312
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84
8
reference_url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-47.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-47.yaml
10
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/
url https://groups.google.com/g/django-announce
11
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
12
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436342
reference_id 2436342
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436342
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
reference_id CVE-2026-1312
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1312
16
reference_url https://github.com/advisories/GHSA-6426-9fv3-65x8
reference_id GHSA-6426-9fv3-65x8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6426-9fv3-65x8
17
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
18
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
19
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
20
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
21
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
22
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
23
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
24
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2026-1312, CVE-2026-1312, GHSA-6426-9fv3-65x8, PYSEC-2026-47
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shjc-2j68-2yfy
47
url VCID-u9q1-63gf-7feh
vulnerability_id VCID-u9q1-63gf-7feh
summary In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32052.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32052.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32052
reference_id
reference_type
scores
0
value 0.01859
scoring_system epss
scoring_elements 0.8343
published_at 2026-06-09T12:55:00Z
1
value 0.01859
scoring_system epss
scoring_elements 0.83402
published_at 2026-06-04T12:55:00Z
2
value 0.01859
scoring_system epss
scoring_elements 0.83426
published_at 2026-06-05T12:55:00Z
3
value 0.01859
scoring_system epss
scoring_elements 0.83416
published_at 2026-06-08T12:55:00Z
4
value 0.01859
scoring_system epss
scoring_elements 0.83424
published_at 2026-06-07T12:55:00Z
5
value 0.01859
scoring_system epss
scoring_elements 0.83427
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32052
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1944801
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1944801
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32052
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32052
4
reference_url https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.2/releases/security
5
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-qm57-vhq3-3fwf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qm57-vhq3-3fwf
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-8.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-8.yaml
11
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
14
reference_url https://security.netapp.com/advisory/ntap-20210611-0002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210611-0002
15
reference_url https://www.djangoproject.com/weblog/2021/may/06/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2021/may/06/security-releases
16
reference_url https://www.djangoproject.com/weblog/2021/may/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/may/06/security-releases/
17
reference_url http://www.openwall.com/lists/oss-security/2021/05/06/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/05/06/1
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1957455
reference_id 1957455
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1957455
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988136
reference_id 988136
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988136
20
reference_url https://security.archlinux.org/AVG-1924
reference_id AVG-1924
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1924
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32052
reference_id CVE-2021-32052
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32052
22
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
23
reference_url https://usn.ubuntu.com/4975-1/
reference_id USN-4975-1
reference_type
scores
url https://usn.ubuntu.com/4975-1/
24
reference_url https://usn.ubuntu.com/5373-1/
reference_id USN-5373-1
reference_type
scores
url https://usn.ubuntu.com/5373-1/
25
reference_url https://usn.ubuntu.com/5373-2/
reference_id USN-5373-2
reference_type
scores
url https://usn.ubuntu.com/5373-2/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2021-32052, CVE-2021-32052, GHSA-qm57-vhq3-3fwf, PYSEC-2021-8
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9q1-63gf-7feh
48
url VCID-ud73-4t2c-n3at
vulnerability_id VCID-ud73-4t2c-n3at
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53907
reference_id
reference_type
scores
0
value 0.01038
scoring_system epss
scoring_elements 0.77788
published_at 2026-06-09T12:55:00Z
1
value 0.01038
scoring_system epss
scoring_elements 0.77769
published_at 2026-06-08T12:55:00Z
2
value 0.01038
scoring_system epss
scoring_elements 0.77779
published_at 2026-06-07T12:55:00Z
3
value 0.01038
scoring_system epss
scoring_elements 0.77789
published_at 2026-06-06T12:55:00Z
4
value 0.01038
scoring_system epss
scoring_elements 0.77782
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53907
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/
url https://groups.google.com/g/django-announce
31
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
32
reference_url https://www.djangoproject.com/weblog/2024/dec/04/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/dec/04/security-releases
33
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/
url https://www.openwall.com/lists/oss-security/2024/12/04/3
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2329288
reference_id 2329288
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2329288
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53907
reference_id CVE-2024-53907
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53907
36
reference_url https://github.com/advisories/GHSA-8498-2h75-472j
reference_id GHSA-8498-2h75-472j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8498-2h75-472j
37
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
38
reference_url https://access.redhat.com/errata/RHSA-2024:11144
reference_id RHSA-2024:11144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11144
39
reference_url https://access.redhat.com/errata/RHSA-2024:11146
reference_id RHSA-2024:11146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11146
40
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
41
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
42
reference_url https://usn.ubuntu.com/7136-1/
reference_id USN-7136-1
reference_type
scores
url https://usn.ubuntu.com/7136-1/
43
reference_url https://usn.ubuntu.com/7136-2/
reference_id USN-7136-2
reference_type
scores
url https://usn.ubuntu.com/7136-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-53907, CVE-2024-53907, GHSA-8498-2h75-472j, PYSEC-2024-156
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at
49
url VCID-vdpf-jddk-syda
vulnerability_id VCID-vdpf-jddk-syda
summary insufficient validation
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19844
reference_id
reference_type
scores
0
value 0.15418
scoring_system epss
scoring_elements 0.94781
published_at 2026-06-08T12:55:00Z
1
value 0.15418
scoring_system epss
scoring_elements 0.94787
published_at 2026-06-09T12:55:00Z
2
value 0.15418
scoring_system epss
scoring_elements 0.94782
published_at 2026-06-07T12:55:00Z
3
value 0.15418
scoring_system epss
scoring_elements 0.94771
published_at 2026-06-04T12:55:00Z
4
value 0.15418
scoring_system epss
scoring_elements 0.94779
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19844
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
4
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
5
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26
10
reference_url https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
11
reference_url https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70
12
reference_url https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml
14
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
17
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2020/Jan/9
18
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
19
reference_url https://security.netapp.com/advisory/ntap-20200110-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200110-0003
20
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
21
reference_url https://usn.ubuntu.com/4224-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4224-1
22
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
23
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4598
24
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases
25
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788425
reference_id 1788425
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788425
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937
reference_id 946937
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937
28
reference_url https://security.archlinux.org/AVG-1080
reference_id AVG-1080
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1080
29
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md
reference_id CVE-2019-19844
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19844
reference_id CVE-2019-19844
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19844
31
reference_url https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
reference_id CVE-2019-19844
reference_type exploit
scores
url https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
32
reference_url https://usn.ubuntu.com/6722-1/
reference_id USN-6722-1
reference_type
scores
url https://usn.ubuntu.com/6722-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda
50
url VCID-vgq9-s6th-yufg
vulnerability_id VCID-vgq9-s6th-yufg
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39329
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37358
published_at 2026-06-05T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37308
published_at 2026-06-09T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37293
published_at 2026-06-08T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37331
published_at 2026-06-07T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37363
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39329
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b
30
reference_url https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240808-0005
34
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
reference_id 1076069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295936
reference_id 2295936
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295936
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39329
reference_id CVE-2024-39329
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39329
39
reference_url https://github.com/advisories/GHSA-x7q2-wr7g-xqmf
reference_id GHSA-x7q2-wr7g-xqmf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7q2-wr7g-xqmf
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
44
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
45
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-39329, CVE-2024-39329, GHSA-x7q2-wr7g-xqmf, PYSEC-2024-57
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgq9-s6th-yufg
51
url VCID-wa3g-27sx-mbcw
vulnerability_id VCID-wa3g-27sx-mbcw
summary 
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Solomon Kebede for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1287
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02016
published_at 2026-06-08T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02041
published_at 2026-06-06T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.0201
published_at 2026-06-09T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.0203
published_at 2026-06-07T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02033
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-46.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-46.yaml
9
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/
url https://groups.google.com/g/django-announce
10
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases
11
reference_url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/
url https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
reference_id 1126914
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2436339
reference_id 2436339
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2436339
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
reference_id CVE-2026-1287
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1287
15
reference_url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
reference_id GHSA-gvg8-93h5-g6qq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvg8-93h5-g6qq
16
reference_url https://access.redhat.com/errata/RHSA-2026:14835
reference_id RHSA-2026:14835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:14835
17
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
18
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
19
reference_url https://access.redhat.com/errata/RHSA-2026:3959
reference_id RHSA-2026:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3959
20
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
21
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
22
reference_url https://access.redhat.com/errata/RHSA-2026:6291
reference_id RHSA-2026:6291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6291
23
reference_url https://usn.ubuntu.com/8009-1/
reference_id USN-8009-1
reference_type
scores
url https://usn.ubuntu.com/8009-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2026-1287, CVE-2026-1287, GHSA-gvg8-93h5-g6qq, PYSEC-2026-46
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wa3g-27sx-mbcw
52
url VCID-whgc-pt2s-77ar
vulnerability_id VCID-whgc-pt2s-77ar
summary 
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64459
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.53234
published_at 2026-06-09T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.5321
published_at 2026-06-08T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.53236
published_at 2026-06-07T12:55:00Z
3
value 0.00296
scoring_system epss
scoring_elements 0.53254
published_at 2026-06-06T12:55:00Z
4
value 0.00296
scoring_system epss
scoring_elements 0.53246
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64459
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
29
reference_url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
30
reference_url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
31
reference_url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
32
reference_url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
33
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-108.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-108.yaml
34
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/
url https://groups.google.com/g/django-announce
35
reference_url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
36
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
37
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
38
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
reference_id 1120139
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
39
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2412651
reference_id 2412651
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2412651
40
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
reference_id CVE-2025-64459
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
reference_id CVE-2025-64459
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
42
reference_url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
reference_id GHSA-frmv-pr5f-9mcr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
43
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
44
reference_url https://access.redhat.com/errata/RHSA-2025:23070
reference_id RHSA-2025:23070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23070
45
reference_url https://access.redhat.com/errata/RHSA-2025:23130
reference_id RHSA-2025:23130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23130
46
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
47
reference_url https://access.redhat.com/errata/RHSA-2025:23133
reference_id RHSA-2025:23133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23133
48
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
49
reference_url https://access.redhat.com/errata/RHSA-2026:1596
reference_id RHSA-2026:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1596
50
reference_url https://usn.ubuntu.com/7859-1/
reference_id USN-7859-1
reference_type
scores
url https://usn.ubuntu.com/7859-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-64459, CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whgc-pt2s-77ar
53
url VCID-wnxx-rc7w-cke4
vulnerability_id VCID-wnxx-rc7w-cke4
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
When the attacker can separate query parameters using a semicolon (`;`), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23336.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23336.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23336
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53655
published_at 2026-06-08T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53678
published_at 2026-06-09T12:55:00Z
2
value 0.003
scoring_system epss
scoring_elements 0.53624
published_at 2026-06-04T12:55:00Z
3
value 0.003
scoring_system epss
scoring_elements 0.53691
published_at 2026-06-06T12:55:00Z
4
value 0.003
scoring_system epss
scoring_elements 0.53682
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23336
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928904
reference_id 1928904
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928904
5
reference_url https://github.com/python/cpython/pull/24297
reference_id 24297
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://github.com/python/cpython/pull/24297
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
reference_id 3EPYWWFDV22CJ5AOH5VCE72DOASZZ255
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
reference_id 3YKKDLXL3UEZ3J426C2XTBS63AHE46SM
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/
8
reference_url http://www.openwall.com/lists/oss-security/2021/02/19/4
reference_id 4
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url http://www.openwall.com/lists/oss-security/2021/02/19/4
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
reference_id 46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983090
reference_id 983090
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983090
11
reference_url https://security.archlinux.org/ASA-202102-28
reference_id ASA-202102-28
reference_type
scores
url https://security.archlinux.org/ASA-202102-28
12
reference_url https://security.archlinux.org/ASA-202102-37
reference_id ASA-202102-37
reference_type
scores
url https://security.archlinux.org/ASA-202102-37
13
reference_url https://security.archlinux.org/AVG-1465
reference_id AVG-1465
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1465
14
reference_url https://security.archlinux.org/AVG-1593
reference_id AVG-1593
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1593
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23336
reference_id CVE-2021-23336
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-23336
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
reference_id FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/
17
reference_url https://security.gentoo.org/glsa/202104-04
reference_id GLSA-202104-04
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://security.gentoo.org/glsa/202104-04
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
reference_id HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
reference_id HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
reference_id IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
reference_id KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
reference_id LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
reference_id MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
reference_id MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/
25
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
reference_id msg00005.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
26
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
reference_id msg00015.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
27
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
reference_id msg00022.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
28
reference_url https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
reference_id msg00030.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
reference_id N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
reference_id NJSCSN722JO2E2AGPWD4NTGVELVRPB4R
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
reference_id NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/
32
reference_url https://security.netapp.com/advisory/ntap-20210326-0004/
reference_id ntap-20210326-0004
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://security.netapp.com/advisory/ntap-20210326-0004/
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
reference_id OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/
34
reference_url https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E
reference_id rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
reference_id rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
36
reference_url https://access.redhat.com/errata/RHSA-2021:1633
reference_id RHSA-2021:1633
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1633
37
reference_url https://access.redhat.com/errata/RHSA-2021:3252
reference_id RHSA-2021:3252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3252
38
reference_url https://access.redhat.com/errata/RHSA-2021:4151
reference_id RHSA-2021:4151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4151
39
reference_url https://access.redhat.com/errata/RHSA-2021:4162
reference_id RHSA-2021:4162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4162
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
reference_id RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
reference_id SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
42
reference_url https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
reference_id SNYK-UPSTREAM-PYTHONCPYTHON-1074933
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
43
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
reference_id TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/
44
reference_url https://usn.ubuntu.com/4742-1/
reference_id USN-4742-1
reference_type
scores
url https://usn.ubuntu.com/4742-1/
45
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
reference_id W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:16:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2021-23336
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnxx-rc7w-cke4
54
url VCID-xcmd-18ck-gqae
vulnerability_id VCID-xcmd-18ck-gqae
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42005
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56128
published_at 2026-06-09T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56109
published_at 2026-06-08T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.56126
published_at 2026-06-07T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.56132
published_at 2026-06-05T12:55:00Z
4
value 0.00328
scoring_system epss
scoring_elements 0.56138
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42005
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d
30
reference_url https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0007
34
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
reference_id 1078074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302436
reference_id 2302436
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302436
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42005
reference_id CVE-2024-42005
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42005
39
reference_url https://github.com/advisories/GHSA-pv4p-cwwg-4rph
reference_id GHSA-pv4p-cwwg-4rph
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pv4p-cwwg-4rph
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
44
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-42005, CVE-2024-42005, GHSA-pv4p-cwwg-4rph, PYSEC-2024-70
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmd-18ck-gqae
55
url VCID-ynt9-h6ww-h7e9
vulnerability_id VCID-ynt9-h6ww-h7e9
summary An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57833
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.22415
published_at 2026-06-09T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.2251
published_at 2026-06-06T12:55:00Z
2
value 0.00074
scoring_system epss
scoring_elements 0.22411
published_at 2026-06-08T12:55:00Z
3
value 0.00074
scoring_system epss
scoring_elements 0.22461
published_at 2026-06-07T12:55:00Z
4
value 0.00074
scoring_system epss
scoring_elements 0.22523
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57833
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5
30
reference_url https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
31
reference_url https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-105.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-105.yaml
33
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://groups.google.com/g/django-announce
34
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
35
reference_url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
36
reference_url https://www.djangoproject.com/weblog/2025/sep/03/security-releases
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/sep/03/security-releases
37
reference_url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
38
reference_url http://www.openwall.com/lists/oss-security/2025/09/03/3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/09/03/3
39
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865
reference_id 1113865
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865
40
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2392990
reference_id 2392990
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2392990
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57833
reference_id CVE-2025-57833
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57833
42
reference_url https://github.com/advisories/GHSA-6w2r-r2m5-xq5w
reference_id GHSA-6w2r-r2m5-xq5w
reference_type
scores
url https://github.com/advisories/GHSA-6w2r-r2m5-xq5w
43
reference_url https://access.redhat.com/errata/RHSA-2025:16403
reference_id RHSA-2025:16403
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16403
44
reference_url https://access.redhat.com/errata/RHSA-2025:16404
reference_id RHSA-2025:16404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16404
45
reference_url https://access.redhat.com/errata/RHSA-2025:16487
reference_id RHSA-2025:16487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16487
46
reference_url https://access.redhat.com/errata/RHSA-2025:16514
reference_id RHSA-2025:16514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16514
47
reference_url https://access.redhat.com/errata/RHSA-2025:17498
reference_id RHSA-2025:17498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17498
48
reference_url https://access.redhat.com/errata/RHSA-2025:17499
reference_id RHSA-2025:17499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17499
49
reference_url https://access.redhat.com/errata/RHSA-2025:17500
reference_id RHSA-2025:17500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17500
50
reference_url https://access.redhat.com/errata/RHSA-2025:17606
reference_id RHSA-2025:17606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17606
51
reference_url https://access.redhat.com/errata/RHSA-2025:17613
reference_id RHSA-2025:17613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17613
52
reference_url https://access.redhat.com/errata/RHSA-2025:17614
reference_id RHSA-2025:17614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17614
53
reference_url https://usn.ubuntu.com/7736-1/
reference_id USN-7736-1
reference_type
scores
url https://usn.ubuntu.com/7736-1/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-57833, CVE-2025-57833, GHSA-6w2r-r2m5-xq5w, PYSEC-2025-105
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynt9-h6ww-h7e9
56
url VCID-yreb-z7nz-jkbs
vulnerability_id VCID-yreb-z7nz-jkbs
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14234
reference_id
reference_type
scores
0
value 0.29723
scoring_system epss
scoring_elements 0.96729
published_at 2026-06-08T12:55:00Z
1
value 0.29723
scoring_system epss
scoring_elements 0.9673
published_at 2026-06-07T12:55:00Z
2
value 0.29723
scoring_system epss
scoring_elements 0.96725
published_at 2026-06-05T12:55:00Z
3
value 0.29723
scoring_system epss
scoring_elements 0.96721
published_at 2026-06-04T12:55:00Z
4
value 0.29723
scoring_system epss
scoring_elements 0.96734
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14234
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
7
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
8
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/advisories/GHSA-6r97-cj55-9hrq
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6r97-cj55-9hrq
11
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
12
reference_url https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
13
reference_url https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
14
reference_url https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975
15
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml
16
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
19
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/15
20
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
21
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
22
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
23
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4498
24
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
25
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1734417
reference_id 1734417
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1734417
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
28
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
29
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14234
reference_id CVE-2019-14234
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14234
31
reference_url https://access.redhat.com/errata/RHSA-2020:1324
reference_id RHSA-2020:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1324
32
reference_url https://access.redhat.com/errata/RHSA-2020:4390
reference_id RHSA-2020:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4390
33
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-14234, GHSA-6r97-cj55-9hrq, PYSEC-2019-13
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yreb-z7nz-jkbs
57
url VCID-yuda-1mur-8bbq
vulnerability_id VCID-yuda-1mur-8bbq
summary An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24680
reference_id
reference_type
scores
0
value 0.01394
scoring_system epss
scoring_elements 0.8076
published_at 2026-06-09T12:55:00Z
1
value 0.01394
scoring_system epss
scoring_elements 0.80741
published_at 2026-06-08T12:55:00Z
2
value 0.01394
scoring_system epss
scoring_elements 0.80744
published_at 2026-06-07T12:55:00Z
3
value 0.01394
scoring_system epss
scoring_elements 0.80748
published_at 2026-06-06T12:55:00Z
4
value 0.01394
scoring_system epss
scoring_elements 0.80746
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24680
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/5.0/releases/security
26
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://docs.djangoproject.com/en/5.0/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
30
reference_url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
31
reference_url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
32
reference_url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
33
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
34
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://groups.google.com/forum/#%21forum/django-announce
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
41
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
42
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
43
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2261856
reference_id 2261856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2261856
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
reference_id CVE-2024-24680
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
45
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
reference_id D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
46
reference_url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
reference_id GHSA-xxj9-f6rv-m3x4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
47
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
48
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
49
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
50
reference_url https://access.redhat.com/errata/RHSA-2024:2731
reference_id RHSA-2024:2731
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2731
51
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
52
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
reference_id SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
53
reference_url https://usn.ubuntu.com/6623-1/
reference_id USN-6623-1
reference_type
scores
url https://usn.ubuntu.com/6623-1/
54
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
reference_id ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
fixed_packages
0
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-24680, CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuda-1mur-8bbq
58
url VCID-z4x1-e7tp-rqhz
vulnerability_id VCID-z4x1-e7tp-rqhz
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33571.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33571.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33571
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03132
published_at 2026-06-04T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03144
published_at 2026-06-05T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03154
published_at 2026-06-06T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03047
published_at 2026-06-09T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03082
published_at 2026-06-08T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03101
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33571
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33571
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33571
3
reference_url https://docs.djangoproject.com/en/3.2/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.2/releases/security
4
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-p99v-5w3c-jqq9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p99v-5w3c-jqq9
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e
9
reference_url https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d
10
reference_url https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-99.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-99.yaml
12
reference_url https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
15
reference_url https://security.netapp.com/advisory/ntap-20210727-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210727-0004
16
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases
17
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966253
reference_id 1966253
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966253
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394
reference_id 989394
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394
20
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
21
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33571
reference_id CVE-2021-33571
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33571
23
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
24
reference_url https://access.redhat.com/errata/RHSA-2021:3490
reference_id RHSA-2021:3490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3490
25
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
26
reference_url https://access.redhat.com/errata/RHSA-2021:5070
reference_id RHSA-2021:5070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5070
27
reference_url https://usn.ubuntu.com/4975-1/
reference_id USN-4975-1
reference_type
scores
url https://usn.ubuntu.com/4975-1/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2021-33571, CVE-2021-33571, GHSA-p99v-5w3c-jqq9, PYSEC-2021-99
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4x1-e7tp-rqhz
59
url VCID-z6tf-z1y9-cydq
vulnerability_id VCID-z6tf-z1y9-cydq
summary In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31047.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31047.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31047
reference_id
reference_type
scores
0
value 0.0016
scoring_system epss
scoring_elements 0.36673
published_at 2026-06-05T12:55:00Z
1
value 0.0016
scoring_system epss
scoring_elements 0.36645
published_at 2026-06-07T12:55:00Z
2
value 0.0016
scoring_system epss
scoring_elements 0.36681
published_at 2026-06-06T12:55:00Z
3
value 0.0016
scoring_system epss
scoring_elements 0.36618
published_at 2026-06-09T12:55:00Z
4
value 0.0016
scoring_system epss
scoring_elements 0.36608
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31047
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31047
3
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.2/releases/security
4
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/
url https://docs.djangoproject.com/en/4.2/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
7
reference_url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
8
reference_url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
9
reference_url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
11
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
15
reference_url https://security.netapp.com/advisory/ntap-20230609-0008
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230609-0008
16
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/may/03/security-releases
17
reference_url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/
url https://www.djangoproject.com/weblog/2023/may/03/security-releases/
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035467
reference_id 1035467
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035467
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2192565
reference_id 2192565
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2192565
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
reference_id A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
reference_id CVE-2023-31047
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31047
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/
reference_id DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/
23
reference_url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
reference_id GHSA-r3xc-prgr-mg9p
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r3xc-prgr-mg9p
24
reference_url https://security.netapp.com/advisory/ntap-20230609-0008/
reference_id ntap-20230609-0008
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-29T15:49:48Z/
url https://security.netapp.com/advisory/ntap-20230609-0008/
25
reference_url https://access.redhat.com/errata/RHSA-2023:4591
reference_id RHSA-2023:4591
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4591
26
reference_url https://access.redhat.com/errata/RHSA-2023:5931
reference_id RHSA-2023:5931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5931
27
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
28
reference_url https://usn.ubuntu.com/6054-1/
reference_id USN-6054-1
reference_type
scores
url https://usn.ubuntu.com/6054-1/
29
reference_url https://usn.ubuntu.com/6054-2/
reference_id USN-6054-2
reference_type
scores
url https://usn.ubuntu.com/6054-2/
fixed_packages
0
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2023-31047, CVE-2023-31047, GHSA-r3xc-prgr-mg9p, PYSEC-2023-61
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tf-z1y9-cydq
Fixing_vulnerabilities
0
url VCID-322v-ntsv-7uge
vulnerability_id VCID-322v-ntsv-7uge
summary django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0265
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14574.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14574.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14574
reference_id
reference_type
scores
0
value 0.0748
scoring_system epss
scoring_elements 0.9192
published_at 2026-06-04T12:55:00Z
1
value 0.0748
scoring_system epss
scoring_elements 0.91945
published_at 2026-06-09T12:55:00Z
2
value 0.0748
scoring_system epss
scoring_elements 0.91931
published_at 2026-06-08T12:55:00Z
3
value 0.0748
scoring_system epss
scoring_elements 0.91934
published_at 2026-06-06T12:55:00Z
4
value 0.0748
scoring_system epss
scoring_elements 0.91932
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14574
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/advisories/GHSA-5hg3-6c2f-f3wr
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5hg3-6c2f-f3wr
6
reference_url https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
7
reference_url https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
8
reference_url https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
10
reference_url https://usn.ubuntu.com/3726-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3726-1
11
reference_url https://usn.ubuntu.com/3726-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3726-1/
12
reference_url https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
13
reference_url https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
14
reference_url https://www.debian.org/security/2018/dsa-4264
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4264
15
reference_url https://www.djangoproject.com/weblog/2018/aug/01/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2018/aug/01/security-releases
16
reference_url https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
17
reference_url http://www.securityfocus.com/bid/104970
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104970
18
reference_url http://www.securitytracker.com/id/1041403
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041403
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1609031
reference_id 1609031
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1609031
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905216
reference_id 905216
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905216
21
reference_url https://security.archlinux.org/ASA-201808-1
reference_id ASA-201808-1
reference_type
scores
url https://security.archlinux.org/ASA-201808-1
22
reference_url https://security.archlinux.org/AVG-743
reference_id AVG-743
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-743
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14574
reference_id CVE-2018-14574
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14574
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
aliases CVE-2018-14574, GHSA-5hg3-6c2f-f3wr, PYSEC-2018-2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-322v-ntsv-7uge
1
url VCID-3mfy-uj9u-d7de
vulnerability_id VCID-3mfy-uj9u-d7de
summary silent downgrade
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12781.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12781.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12781
reference_id
reference_type
scores
0
value 0.04217
scoring_system epss
scoring_elements 0.88977
published_at 2026-06-09T12:55:00Z
1
value 0.04217
scoring_system epss
scoring_elements 0.88962
published_at 2026-06-06T12:55:00Z
2
value 0.04217
scoring_system epss
scoring_elements 0.88961
published_at 2026-06-08T12:55:00Z
3
value 0.04217
scoring_system epss
scoring_elements 0.88944
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12781
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
7
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
8
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/advisories/GHSA-6c7v-2f49-8h26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6c7v-2f49-8h26
11
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml
13
reference_url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
16
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/10
17
reference_url https://security.netapp.com/advisory/ntap-20190705-0002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190705-0002
18
reference_url https://security.netapp.com/advisory/ntap-20190705-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190705-0002/
19
reference_url https://usn.ubuntu.com/4043-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4043-1
20
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
21
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4476
22
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases
23
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
24
reference_url http://www.openwall.com/lists/oss-security/2019/07/01/3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/07/01/3
25
reference_url http://www.securityfocus.com/bid/109018
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/109018
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1724497
reference_id 1724497
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1724497
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316
reference_id 931316
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316
28
reference_url https://security.archlinux.org/ASA-201907-2
reference_id ASA-201907-2
reference_type
scores
url https://security.archlinux.org/ASA-201907-2
29
reference_url https://security.archlinux.org/AVG-1000
reference_id AVG-1000
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1000
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12781
reference_id CVE-2019-12781
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12781
31
reference_url https://access.redhat.com/errata/RHSA-2020:1324
reference_id RHSA-2020:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1324
32
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
33
reference_url https://access.redhat.com/errata/RHSA-2020:4390
reference_id RHSA-2020:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4390
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
aliases CVE-2019-12781, GHSA-6c7v-2f49-8h26, PYSEC-2019-10
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3mfy-uj9u-d7de
2
url VCID-4cp2-k4mn-8ffj
vulnerability_id VCID-4cp2-k4mn-8ffj
summary An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13596.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13596.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13596
reference_id
reference_type
scores
0
value 0.00571
scoring_system epss
scoring_elements 0.69047
published_at 2026-06-09T12:55:00Z
1
value 0.00571
scoring_system epss
scoring_elements 0.69027
published_at 2026-06-08T12:55:00Z
2
value 0.00571
scoring_system epss
scoring_elements 0.69042
published_at 2026-06-07T12:55:00Z
3
value 0.00571
scoring_system epss
scoring_elements 0.69
published_at 2026-06-04T12:55:00Z
4
value 0.00571
scoring_system epss
scoring_elements 0.69039
published_at 2026-06-05T12:55:00Z
5
value 0.00571
scoring_system epss
scoring_elements 0.69049
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13596
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596
4
reference_url https://docs.djangoproject.com/en/3.0/releases/security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/releases/security
5
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-2m34-jcjv-45xf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2m34-jcjv-45xf
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38
10
reference_url https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-32.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-32.yaml
12
reference_url https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
15
reference_url https://security.netapp.com/advisory/ntap-20200611-0002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200611-0002
16
reference_url https://security.netapp.com/advisory/ntap-20200611-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200611-0002/
17
reference_url https://usn.ubuntu.com/4381-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4381-1
18
reference_url https://usn.ubuntu.com/4381-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-1/
19
reference_url https://usn.ubuntu.com/4381-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4381-2
20
reference_url https://usn.ubuntu.com/4381-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-2/
21
reference_url https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4705
22
reference_url https://www.djangoproject.com/weblog/2020/jun/03/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/jun/03/security-releases
23
reference_url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
24
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843625
reference_id 1843625
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843625
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323
reference_id 962323
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323
27
reference_url https://security.archlinux.org/ASA-202006-8
reference_id ASA-202006-8
reference_type
scores
url https://security.archlinux.org/ASA-202006-8
28
reference_url https://security.archlinux.org/AVG-1176
reference_id AVG-1176
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1176
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13596
reference_id CVE-2020-13596
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13596
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2020-13596, CVE-2020-13596, GHSA-2m34-jcjv-45xf, PYSEC-2020-32
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cp2-k4mn-8ffj
3
url VCID-4tyd-97z5-z3ar
vulnerability_id VCID-4tyd-97z5-z3ar
summary 
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45231
reference_id
reference_type
scores
0
value 0.00235
scoring_system epss
scoring_elements 0.46517
published_at 2026-06-09T12:55:00Z
1
value 0.00235
scoring_system epss
scoring_elements 0.46505
published_at 2026-06-08T12:55:00Z
2
value 0.00235
scoring_system epss
scoring_elements 0.46531
published_at 2026-06-07T12:55:00Z
3
value 0.00235
scoring_system epss
scoring_elements 0.46552
published_at 2026-06-06T12:55:00Z
4
value 0.00235
scoring_system epss
scoring_elements 0.46551
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45231
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca
29
reference_url https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2
30
reference_url https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
31
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/
url https://groups.google.com/forum/#%21forum/django-announce
32
reference_url https://www.djangoproject.com/weblog/2024/sep/03/security-releases
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/sep/03/security-releases
33
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2314496
reference_id 2314496
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2314496
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45231
reference_id CVE-2024-45231
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45231
35
reference_url https://github.com/advisories/GHSA-rrqc-c2jx-6jgv
reference_id GHSA-rrqc-c2jx-6jgv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrqc-c2jx-6jgv
36
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
37
reference_url https://usn.ubuntu.com/6987-1/
reference_id USN-6987-1
reference_type
scores
url https://usn.ubuntu.com/6987-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tyd-97z5-z3ar
4
url VCID-5q58-pzt4-8uey
vulnerability_id VCID-5q58-pzt4-8uey
summary Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7471
reference_id
reference_type
scores
0
value 0.1537
scoring_system epss
scoring_elements 0.94772
published_at 2026-06-05T12:55:00Z
1
value 0.1537
scoring_system epss
scoring_elements 0.9478
published_at 2026-06-09T12:55:00Z
2
value 0.1537
scoring_system epss
scoring_elements 0.94775
published_at 2026-06-08T12:55:00Z
3
value 0.1537
scoring_system epss
scoring_elements 0.94774
published_at 2026-06-06T12:55:00Z
4
value 0.1537
scoring_system epss
scoring_elements 0.94763
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7471
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471
3
reference_url https://docs.djangoproject.com/en/3.0/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/releases/security
4
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-hmr4-m2h5-33qx
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hmr4-m2h5-33qx
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
9
reference_url https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b
10
reference_url https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147
11
reference_url https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml
13
reference_url https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
16
reference_url https://seclists.org/bugtraq/2020/Feb/30
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2020/Feb/30
17
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
18
reference_url https://security.netapp.com/advisory/ntap-20200221-0006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200221-0006
19
reference_url https://security.netapp.com/advisory/ntap-20200221-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200221-0006/
20
reference_url https://usn.ubuntu.com/4264-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4264-1
21
reference_url https://usn.ubuntu.com/4264-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4264-1/
22
reference_url https://www.debian.org/security/2020/dsa-4629
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4629
23
reference_url https://www.djangoproject.com/weblog/2020/feb/03/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/feb/03/security-releases
24
reference_url https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
25
reference_url https://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/02/03/1
26
reference_url http://www.openwall.com/lists/oss-security/2020/02/03/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/02/03/1
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1798515
reference_id 1798515
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1798515
28
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581
reference_id 950581
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581
29
reference_url https://security.archlinux.org/ASA-202002-1
reference_id ASA-202002-1
reference_type
scores
url https://security.archlinux.org/ASA-202002-1
30
reference_url https://security.archlinux.org/AVG-1091
reference_id AVG-1091
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1091
31
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7471
reference_id CVE-2020-7471
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7471
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5q58-pzt4-8uey
5
url VCID-5xtt-au84-zbb2
vulnerability_id VCID-5xtt-au84-zbb2
summary An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59681.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59681
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02692
published_at 2026-06-05T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03371
published_at 2026-06-08T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03372
published_at 2026-06-09T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03406
published_at 2026-06-06T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03392
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59681
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
30
reference_url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-106.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-106.yaml
32
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/
url https://groups.google.com/g/django-announce
33
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
34
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:12:04Z/
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
35
reference_url http://www.openwall.com/lists/oss-security/2025/10/01/3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/10/01/3
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
reference_id 1116979
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2400449
reference_id 2400449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2400449
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
reference_id CVE-2025-59681
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59681
39
reference_url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
reference_id GHSA-hpr9-3m2g-3j9p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hpr9-3m2g-3j9p
40
reference_url https://access.redhat.com/errata/RHSA-2025:18984
reference_id RHSA-2025:18984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18984
41
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
42
reference_url https://usn.ubuntu.com/7794-1/
reference_id USN-7794-1
reference_type
scores
url https://usn.ubuntu.com/7794-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-59681, CVE-2025-59681, GHSA-hpr9-3m2g-3j9p, PYSEC-2025-106
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xtt-au84-zbb2
6
url VCID-7c5n-nzwk-v7bz
vulnerability_id VCID-7c5n-nzwk-v7bz
summary 
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
`FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13372.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13372.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13372
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00334
published_at 2026-06-05T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00335
published_at 2026-06-06T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00327
published_at 2026-06-09T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.00329
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13372
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:43:29Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/479415ce5249bcdebeb6570c72df2a87f45a7bbf
30
reference_url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/56aea00c3c5e1aacf4ed05f8ee06c2e78f02cea0
31
reference_url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/5b90ca1e7591fa36fccf2d6dad67cf1477e6293e
32
reference_url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9c6a5bde24240382807d13bc3748d08444709355
33
reference_url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d
34
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-104.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-104.yaml
35
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:43:29Z/
url https://groups.google.com/g/django-announce
36
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
37
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T15:43:29Z/
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
38
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788
reference_id 1121788
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788
39
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418372
reference_id 2418372
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418372
40
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
reference_id CVE-2025-13372
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13372
41
reference_url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
reference_id GHSA-rqw2-ghq9-44m7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqw2-ghq9-44m7
42
reference_url https://usn.ubuntu.com/7903-1/
reference_id USN-7903-1
reference_type
scores
url https://usn.ubuntu.com/7903-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
aliases BIT-django-2025-13372, CVE-2025-13372, GHSA-rqw2-ghq9-44m7, PYSEC-2025-104
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c5n-nzwk-v7bz
7
url VCID-9kvc-1bdz-n3bd
vulnerability_id VCID-9kvc-1bdz-n3bd
summary denial of service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32873.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32873
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.4048
published_at 2026-06-05T12:55:00Z
1
value 0.00188
scoring_system epss
scoring_elements 0.40441
published_at 2026-06-09T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.40426
published_at 2026-06-08T12:55:00Z
3
value 0.00188
scoring_system epss
scoring_elements 0.40455
published_at 2026-06-07T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.40483
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32873
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0
30
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml
31
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/
url https://groups.google.com/g/django-announce
32
reference_url https://www.djangoproject.com/weblog/2025/may/07/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/may/07/security-releases
33
reference_url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T14:36:22Z/
url https://www.djangoproject.com/weblog/2025/may/07/security-releases/
34
reference_url http://www.openwall.com/lists/oss-security/2025/05/07/1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/05/07/1
35
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872
reference_id 1104872
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104872
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364980
reference_id 2364980
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364980
37
reference_url https://security.archlinux.org/ASA-202505-10
reference_id ASA-202505-10
reference_type
scores
url https://security.archlinux.org/ASA-202505-10
38
reference_url https://security.archlinux.org/AVG-2876
reference_id AVG-2876
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2876
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32873
reference_id CVE-2025-32873
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32873
40
reference_url https://github.com/advisories/GHSA-8j24-cjrq-gr2m
reference_id GHSA-8j24-cjrq-gr2m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8j24-cjrq-gr2m
41
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
42
reference_url https://usn.ubuntu.com/7501-1/
reference_id USN-7501-1
reference_type
scores
url https://usn.ubuntu.com/7501-1/
43
reference_url https://usn.ubuntu.com/7501-2/
reference_id USN-7501-2
reference_type
scores
url https://usn.ubuntu.com/7501-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-32873, CVE-2025-32873, GHSA-8j24-cjrq-gr2m, PYSEC-2025-37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvc-1bdz-n3bd
8
url VCID-bb8b-hq41-s7a6
vulnerability_id VCID-bb8b-hq41-s7a6
summary An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48432
reference_id
reference_type
scores
0
value 0.00411
scoring_system epss
scoring_elements 0.61802
published_at 2026-06-09T12:55:00Z
1
value 0.00411
scoring_system epss
scoring_elements 0.61803
published_at 2026-06-05T12:55:00Z
2
value 0.00411
scoring_system epss
scoring_elements 0.61812
published_at 2026-06-06T12:55:00Z
3
value 0.00411
scoring_system epss
scoring_elements 0.618
published_at 2026-06-07T12:55:00Z
4
value 0.00411
scoring_system epss
scoring_elements 0.61785
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48432
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://groups.google.com/g/django-announce
31
reference_url https://www.djangoproject.com/weblog/2025/jun/04/security-releases
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/jun/04/security-releases
32
reference_url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
33
reference_url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases
34
reference_url http://www.openwall.com/lists/oss-security/2025/06/04/5
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/04/5
35
reference_url http://www.openwall.com/lists/oss-security/2025/06/10/2
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/10/2
36
reference_url http://www.openwall.com/lists/oss-security/2025/06/10/3
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/10/3
37
reference_url http://www.openwall.com/lists/oss-security/2025/06/10/4
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/10/4
38
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282
reference_id 1107282
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282
39
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370365
reference_id 2370365
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370365
40
reference_url https://security.archlinux.org/ASA-202506-6
reference_id ASA-202506-6
reference_type
scores
url https://security.archlinux.org/ASA-202506-6
41
reference_url https://security.archlinux.org/AVG-2894
reference_id AVG-2894
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2894
42
reference_url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/
reference_id bugfix-releases
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/
url https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/
43
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48432
reference_id CVE-2025-48432
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48432
44
reference_url https://github.com/advisories/GHSA-7xr5-9hcq-chf9
reference_id GHSA-7xr5-9hcq-chf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xr5-9hcq-chf9
45
reference_url https://access.redhat.com/errata/RHSA-2025:14686
reference_id RHSA-2025:14686
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14686
46
reference_url https://access.redhat.com/errata/RHSA-2025:16487
reference_id RHSA-2025:16487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16487
47
reference_url https://usn.ubuntu.com/7555-1/
reference_id USN-7555-1
reference_type
scores
url https://usn.ubuntu.com/7555-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb8b-hq41-s7a6
9
url VCID-c3m7-fu62-2qd9
vulnerability_id VCID-c3m7-fu62-2qd9
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14232.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14232
reference_id
reference_type
scores
0
value 0.0297
scoring_system epss
scoring_elements 0.86781
published_at 2026-06-07T12:55:00Z
1
value 0.0297
scoring_system epss
scoring_elements 0.86763
published_at 2026-06-04T12:55:00Z
2
value 0.0297
scoring_system epss
scoring_elements 0.86784
published_at 2026-06-06T12:55:00Z
3
value 0.0297
scoring_system epss
scoring_elements 0.86786
published_at 2026-06-05T12:55:00Z
4
value 0.0297
scoring_system epss
scoring_elements 0.86782
published_at 2026-06-09T12:55:00Z
5
value 0.0297
scoring_system epss
scoring_elements 0.8677
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14232
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
25
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
26
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
27
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
28
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
29
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
30
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
31
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://docs.djangoproject.com/en/dev/releases/security/
32
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
33
reference_url https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c4qh-4vgv-qc6g
34
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
35
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml
36
reference_url https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml
37
reference_url https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs
38
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
42
reference_url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
43
reference_url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
44
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://seclists.org/bugtraq/2019/Aug/15
45
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://security.gentoo.org/glsa/202004-17
46
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
47
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://security.netapp.com/advisory/ntap-20190828-0002/
48
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://www.debian.org/security/2019/dsa-4498
49
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
50
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
51
reference_url https://www.openwall.com/lists/oss-security/2023/10/04/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/10/04/6
52
reference_url http://www.openwall.com/lists/oss-security/2023/10/04/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url http://www.openwall.com/lists/oss-security/2023/10/04/6
53
reference_url http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url http://www.openwall.com/lists/oss-security/2024/03/04/1
54
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1734405
reference_id 1734405
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1734405
55
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
56
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
57
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
58
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14232
reference_id CVE-2019-14232
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14232
59
reference_url https://access.redhat.com/errata/RHSA-2020:1324
reference_id RHSA-2020:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1324
60
reference_url https://access.redhat.com/errata/RHSA-2020:4390
reference_id RHSA-2020:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4390
61
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
62
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-14232, GHSA-c4qh-4vgv-qc6g, PYSEC-2019-11
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3m7-fu62-2qd9
10
url VCID-c58g-7jpv-t7hc
vulnerability_id VCID-c58g-7jpv-t7hc
summary An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/errata/RHSA-2019:0051
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0051
2
reference_url https://access.redhat.com/errata/RHSA-2019:0082
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0082
3
reference_url https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0265
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7536.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7536.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7536
reference_id
reference_type
scores
0
value 0.01372
scoring_system epss
scoring_elements 0.80581
published_at 2026-06-08T12:55:00Z
1
value 0.01372
scoring_system epss
scoring_elements 0.8056
published_at 2026-06-04T12:55:00Z
2
value 0.01372
scoring_system epss
scoring_elements 0.80586
published_at 2026-06-05T12:55:00Z
3
value 0.01372
scoring_system epss
scoring_elements 0.80602
published_at 2026-06-09T12:55:00Z
4
value 0.01372
scoring_system epss
scoring_elements 0.80588
published_at 2026-06-06T12:55:00Z
5
value 0.01372
scoring_system epss
scoring_elements 0.80585
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7536
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537
8
reference_url https://github.com/advisories/GHSA-r28v-mw67-m5p9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r28v-mw67-m5p9
9
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
10
reference_url https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
11
reference_url https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
12
reference_url https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml
14
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
15
reference_url https://usn.ubuntu.com/3591-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3591-1
16
reference_url https://usn.ubuntu.com/3591-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3591-1/
17
reference_url https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361
18
reference_url https://www.debian.org/security/2018/dsa-4161
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4161
19
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
20
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
21
reference_url http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103361
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1549777
reference_id 1549777
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1549777
23
reference_url https://security.archlinux.org/ASA-201803-5
reference_id ASA-201803-5
reference_type
scores
url https://security.archlinux.org/ASA-201803-5
24
reference_url https://security.archlinux.org/AVG-649
reference_id AVG-649
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-649
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7536
reference_id CVE-2018-7536
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7536
fixed_packages
0
url pkg:deb/debian/python-django@1.7.11-1%2Bdeb8u3
purl pkg:deb/debian/python-django@1.7.11-1%2Bdeb8u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-2yaw-hhv6-fygg
3
vulnerability VCID-322v-ntsv-7uge
4
vulnerability VCID-3kza-a88p-kfg7
5
vulnerability VCID-3mfy-uj9u-d7de
6
vulnerability VCID-4cp2-k4mn-8ffj
7
vulnerability VCID-4kcg-gx5y-cuaw
8
vulnerability VCID-4tyd-97z5-z3ar
9
vulnerability VCID-4z4e-8ttu-tyd6
10
vulnerability VCID-51tx-4tp9-kbcz
11
vulnerability VCID-5q58-pzt4-8uey
12
vulnerability VCID-5xtt-au84-zbb2
13
vulnerability VCID-6jpg-yrf8-cufy
14
vulnerability VCID-6wah-r8vr-5qc4
15
vulnerability VCID-7c5n-nzwk-v7bz
16
vulnerability VCID-8gus-er59-1qak
17
vulnerability VCID-9end-mq19-rke5
18
vulnerability VCID-9kvc-1bdz-n3bd
19
vulnerability VCID-9mpt-zxaw-kkeg
20
vulnerability VCID-attf-6gj8-ebaj
21
vulnerability VCID-au8h-vj9k-pufv
22
vulnerability VCID-bb8b-hq41-s7a6
23
vulnerability VCID-c3m7-fu62-2qd9
24
vulnerability VCID-c58g-7jpv-t7hc
25
vulnerability VCID-drwp-htkk-bkfh
26
vulnerability VCID-e12b-tw2c-53c9
27
vulnerability VCID-e8j6-mybr-17fh
28
vulnerability VCID-f1br-hvnm-wfdg
29
vulnerability VCID-f4a7-tcz5-byfj
30
vulnerability VCID-fcg9-xypn-ykhf
31
vulnerability VCID-fhp8-tck4-mye4
32
vulnerability VCID-fksk-pr23-2yd8
33
vulnerability VCID-fsaw-3ta1-x3dw
34
vulnerability VCID-g44a-m54u-97cr
35
vulnerability VCID-gfar-wbzc-3ubr
36
vulnerability VCID-hh9b-52xn-z7a9
37
vulnerability VCID-hpj4-a9fa-4bca
38
vulnerability VCID-j81e-su1y-tqa6
39
vulnerability VCID-jgv9-vdbm-sycd
40
vulnerability VCID-jybd-p65h-xffy
41
vulnerability VCID-kbab-v2gz-dfe6
42
vulnerability VCID-ksh8-pazn-dbca
43
vulnerability VCID-m1dr-sjmw-jfd2
44
vulnerability VCID-m33h-4p9q-63fb
45
vulnerability VCID-m4wa-xv9b-q7ce
46
vulnerability VCID-n2v7-jqjy-37bc
47
vulnerability VCID-n9vn-4uxr-hkau
48
vulnerability VCID-na9w-xkvx-cbhd
49
vulnerability VCID-nss9-1yrb-x7f2
50
vulnerability VCID-pa7y-gpwp-6qgj
51
vulnerability VCID-pgtx-cdua-kfb4
52
vulnerability VCID-q8r2-m9s6-rbek
53
vulnerability VCID-qgp1-4efd-6yg6
54
vulnerability VCID-qvfs-2v1h-p3h4
55
vulnerability VCID-qy1a-x3ff-4bc8
56
vulnerability VCID-qy2a-mvpz-q7eh
57
vulnerability VCID-rruq-9scz-vbg8
58
vulnerability VCID-rxxr-sseq-k7a9
59
vulnerability VCID-s1rj-1xbw-fbg5
60
vulnerability VCID-shch-yusm-1uck
61
vulnerability VCID-shjc-2j68-2yfy
62
vulnerability VCID-t952-ghnf-jkby
63
vulnerability VCID-u9q1-63gf-7feh
64
vulnerability VCID-ud73-4t2c-n3at
65
vulnerability VCID-upbz-vg19-rugv
66
vulnerability VCID-vdpf-jddk-syda
67
vulnerability VCID-vgq9-s6th-yufg
68
vulnerability VCID-wa3g-27sx-mbcw
69
vulnerability VCID-wch3-d92x-sudf
70
vulnerability VCID-weqb-fxu4-17e7
71
vulnerability VCID-whgc-pt2s-77ar
72
vulnerability VCID-wnxx-rc7w-cke4
73
vulnerability VCID-x61x-6b6k-h3bn
74
vulnerability VCID-xcmd-18ck-gqae
75
vulnerability VCID-ynt9-h6ww-h7e9
76
vulnerability VCID-yreb-z7nz-jkbs
77
vulnerability VCID-yuda-1mur-8bbq
78
vulnerability VCID-z4x1-e7tp-rqhz
79
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1.7.11-1%252Bdeb8u3
1
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
2
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
aliases CVE-2018-7536, GHSA-r28v-mw67-m5p9, PYSEC-2018-5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c58g-7jpv-t7hc
11
url VCID-e12b-tw2c-53c9
vulnerability_id VCID-e12b-tw2c-53c9
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41991.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41991
reference_id
reference_type
scores
0
value 0.0091
scoring_system epss
scoring_elements 0.76222
published_at 2026-06-05T12:55:00Z
1
value 0.0091
scoring_system epss
scoring_elements 0.7623
published_at 2026-06-09T12:55:00Z
2
value 0.0091
scoring_system epss
scoring_elements 0.76224
published_at 2026-06-06T12:55:00Z
3
value 0.0091
scoring_system epss
scoring_elements 0.76206
published_at 2026-06-08T12:55:00Z
4
value 0.0091
scoring_system epss
scoring_elements 0.76217
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41991
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/523da8771bce321023f490f70d71a9e973ddc927
30
reference_url https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-69.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0007
34
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T17:57:11Z/
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
reference_id 1078074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302435
reference_id 2302435
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302435
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41991
reference_id CVE-2024-41991
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41991
39
reference_url https://github.com/advisories/GHSA-r836-hh6v-rg5g
reference_id GHSA-r836-hh6v-rg5g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r836-hh6v-rg5g
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:7987
reference_id RHSA-2024:7987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7987
43
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
44
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-41991, CVE-2024-41991, GHSA-r836-hh6v-rg5g, PYSEC-2024-69
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e12b-tw2c-53c9
12
url VCID-e8j6-mybr-17fh
vulnerability_id VCID-e8j6-mybr-17fh
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39330.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39330
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40254
published_at 2026-06-09T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.4024
published_at 2026-06-08T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.40269
published_at 2026-06-07T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40297
published_at 2026-06-06T12:55:00Z
4
value 0.00186
scoring_system epss
scoring_elements 0.40294
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39330
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
30
reference_url https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240808-0005
34
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:59:56Z/
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
reference_id 1076069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295937
reference_id 2295937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295937
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39330
reference_id CVE-2024-39330
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39330
39
reference_url https://github.com/advisories/GHSA-9jmf-237g-qf46
reference_id GHSA-9jmf-237g-qf46
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jmf-237g-qf46
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
44
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
45
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-39330, CVE-2024-39330, GHSA-9jmf-237g-qf46, PYSEC-2024-58
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8j6-mybr-17fh
13
url VCID-f1br-hvnm-wfdg
vulnerability_id VCID-f1br-hvnm-wfdg
summary In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3498.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3498.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3498
reference_id
reference_type
scores
0
value 0.00522
scoring_system epss
scoring_elements 0.67246
published_at 2026-06-04T12:55:00Z
1
value 0.01439
scoring_system epss
scoring_elements 0.8108
published_at 2026-06-08T12:55:00Z
2
value 0.01439
scoring_system epss
scoring_elements 0.81084
published_at 2026-06-07T12:55:00Z
3
value 0.01439
scoring_system epss
scoring_elements 0.81087
published_at 2026-06-06T12:55:00Z
4
value 0.01439
scoring_system epss
scoring_elements 0.81083
published_at 2026-06-05T12:55:00Z
5
value 0.01439
scoring_system epss
scoring_elements 0.81098
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3498
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3498
3
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
4
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-337x-4q8g-prc5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-337x-4q8g-prc5
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-17.yaml
9
reference_url https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ
10
reference_url https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
13
reference_url https://usn.ubuntu.com/3851-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3851-1
14
reference_url https://usn.ubuntu.com/3851-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3851-1/
15
reference_url https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227094237/http://www.securityfocus.com/bid/106453
16
reference_url https://www.debian.org/security/2019/dsa-4363
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4363
17
reference_url https://www.djangoproject.com/weblog/2019/jan/04/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/jan/04/security-releases
18
reference_url https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
19
reference_url http://www.securityfocus.com/bid/106453
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106453
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1663722
reference_id 1663722
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1663722
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918230
reference_id 918230
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918230
22
reference_url https://security.archlinux.org/ASA-201901-6
reference_id ASA-201901-6
reference_type
scores
url https://security.archlinux.org/ASA-201901-6
23
reference_url https://security.archlinux.org/AVG-839
reference_id AVG-839
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-839
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3498
reference_id CVE-2019-3498
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3498
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
aliases CVE-2019-3498, GHSA-337x-4q8g-prc5, PYSEC-2019-17
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1br-hvnm-wfdg
14
url VCID-fcg9-xypn-ykhf
vulnerability_id VCID-fcg9-xypn-ykhf
summary 
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27.
Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64460.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64460
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.21005
published_at 2026-06-06T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20898
published_at 2026-06-09T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20895
published_at 2026-06-08T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.21018
published_at 2026-06-05T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.20959
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64460
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/0db9ea4669312f1f4973e09f4bca06ab9c1ec74b
30
reference_url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1dbd07a608e495a0c229edaaf84d58d8976313b5
31
reference_url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
32
reference_url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/99e7d22f55497278d0bcb2e15e72ef532e62a31d
33
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-109.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-109.yaml
34
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/
url https://groups.google.com/g/django-announce
35
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases
36
reference_url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:53:53Z/
url https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
37
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788
reference_id 1121788
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121788
38
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418366
reference_id 2418366
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418366
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
reference_id CVE-2025-64460
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64460
40
reference_url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
reference_id GHSA-vrcr-9hj9-jcg6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrcr-9hj9-jcg6
41
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
42
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
43
reference_url https://access.redhat.com/errata/RHSA-2026:1497
reference_id RHSA-2026:1497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1497
44
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
45
reference_url https://access.redhat.com/errata/RHSA-2026:1599
reference_id RHSA-2026:1599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1599
46
reference_url https://access.redhat.com/errata/RHSA-2026:1609
reference_id RHSA-2026:1609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1609
47
reference_url https://usn.ubuntu.com/7903-1/
reference_id USN-7903-1
reference_type
scores
url https://usn.ubuntu.com/7903-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-64460, CVE-2025-64460, GHSA-vrcr-9hj9-jcg6, PYSEC-2025-109
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcg9-xypn-ykhf
15
url VCID-fsaw-3ta1-x3dw
vulnerability_id VCID-fsaw-3ta1-x3dw
summary In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27351.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27351
reference_id
reference_type
scores
0
value 0.02611
scoring_system epss
scoring_elements 0.85948
published_at 2026-06-09T12:55:00Z
1
value 0.02611
scoring_system epss
scoring_elements 0.85934
published_at 2026-06-08T12:55:00Z
2
value 0.02611
scoring_system epss
scoring_elements 0.85946
published_at 2026-06-07T12:55:00Z
3
value 0.02611
scoring_system epss
scoring_elements 0.85949
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27351
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/5.0/releases/security
26
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://docs.djangoproject.com/en/5.0/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
30
reference_url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
31
reference_url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-47.yaml
33
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://groups.google.com/forum/#%21forum/django-announce
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
40
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases
41
reference_url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
42
reference_url http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url http://www.openwall.com/lists/oss-security/2024/03/04/1
43
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266045
reference_id 2266045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266045
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
reference_id CVE-2024-27351
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27351
45
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
reference_id D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
46
reference_url https://github.com/advisories/GHSA-vm8q-m57g-pff3
reference_id GHSA-vm8q-m57g-pff3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vm8q-m57g-pff3
47
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
48
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
49
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
50
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
51
reference_url https://access.redhat.com/errata/RHSA-2025:4187
reference_id RHSA-2025:4187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4187
52
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
reference_id SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
53
reference_url https://usn.ubuntu.com/6674-1/
reference_id USN-6674-1
reference_type
scores
url https://usn.ubuntu.com/6674-1/
54
reference_url https://usn.ubuntu.com/6674-2/
reference_id USN-6674-2
reference_type
scores
url https://usn.ubuntu.com/6674-2/
55
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
reference_id ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-20T19:41:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-27351, CVE-2024-27351, GHSA-vm8q-m57g-pff3, PYSEC-2024-47
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsaw-3ta1-x3dw
16
url VCID-g44a-m54u-97cr
vulnerability_id VCID-g44a-m54u-97cr
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14235.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14235
reference_id
reference_type
scores
0
value 0.06773
scoring_system epss
scoring_elements 0.9149
published_at 2026-06-09T12:55:00Z
1
value 0.06773
scoring_system epss
scoring_elements 0.91475
published_at 2026-06-08T12:55:00Z
2
value 0.06773
scoring_system epss
scoring_elements 0.91481
published_at 2026-06-06T12:55:00Z
3
value 0.06773
scoring_system epss
scoring_elements 0.91479
published_at 2026-06-07T12:55:00Z
4
value 0.06773
scoring_system epss
scoring_elements 0.91465
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14235
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
8
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
9
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-v9qg-3j8p-r63v
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v9qg-3j8p-r63v
12
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-14.yaml
14
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
17
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/15
18
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
19
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
20
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
21
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4498
22
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
23
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1734422
reference_id 1734422
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1734422
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
26
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
27
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14235
reference_id CVE-2019-14235
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14235
29
reference_url https://access.redhat.com/errata/RHSA-2020:1324
reference_id RHSA-2020:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1324
30
reference_url https://access.redhat.com/errata/RHSA-2020:4390
reference_id RHSA-2020:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4390
31
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-14235, GHSA-v9qg-3j8p-r63v, PYSEC-2019-14
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g44a-m54u-97cr
17
url VCID-gfar-wbzc-3ubr
vulnerability_id VCID-gfar-wbzc-3ubr
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14233.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14233.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14233
reference_id
reference_type
scores
0
value 0.06773
scoring_system epss
scoring_elements 0.9149
published_at 2026-06-09T12:55:00Z
1
value 0.06773
scoring_system epss
scoring_elements 0.91475
published_at 2026-06-08T12:55:00Z
2
value 0.06773
scoring_system epss
scoring_elements 0.91481
published_at 2026-06-06T12:55:00Z
3
value 0.06773
scoring_system epss
scoring_elements 0.91479
published_at 2026-06-07T12:55:00Z
4
value 0.06773
scoring_system epss
scoring_elements 0.91465
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14233
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
8
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
9
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-h5jv-4p7w-64jg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h5jv-4p7w-64jg
12
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-12.yaml
14
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
17
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/15
18
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
19
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
20
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
21
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4498
22
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
23
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1734410
reference_id 1734410
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1734410
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
26
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
27
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14233
reference_id CVE-2019-14233
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14233
29
reference_url https://access.redhat.com/errata/RHSA-2020:1324
reference_id RHSA-2020:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1324
30
reference_url https://access.redhat.com/errata/RHSA-2020:4390
reference_id RHSA-2020:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4390
31
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-14233, GHSA-h5jv-4p7w-64jg, PYSEC-2019-12
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfar-wbzc-3ubr
18
url VCID-hpj4-a9fa-4bca
vulnerability_id VCID-hpj4-a9fa-4bca
summary In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12794.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12794.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12794
reference_id
reference_type
scores
0
value 0.09727
scoring_system epss
scoring_elements 0.93084
published_at 2026-06-04T12:55:00Z
1
value 0.09727
scoring_system epss
scoring_elements 0.93095
published_at 2026-06-05T12:55:00Z
2
value 0.09727
scoring_system epss
scoring_elements 0.93088
published_at 2026-06-08T12:55:00Z
3
value 0.09727
scoring_system epss
scoring_elements 0.9309
published_at 2026-06-07T12:55:00Z
4
value 0.09727
scoring_system epss
scoring_elements 0.93093
published_at 2026-06-06T12:55:00Z
5
value 0.09727
scoring_system epss
scoring_elements 0.93096
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12794
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794
3
reference_url https://github.com/advisories/GHSA-9r8w-6x8c-6jr9
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9r8w-6x8c-6jr9
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a
6
reference_url https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml
8
reference_url https://usn.ubuntu.com/3559-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3559-1
9
reference_url https://usn.ubuntu.com/3559-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3559-1/
10
reference_url https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264
11
reference_url https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643
12
reference_url https://www.djangoproject.com/weblog/2017/sep/05/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2017/sep/05/security-releases
13
reference_url https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
14
reference_url http://www.securityfocus.com/bid/100643
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100643
15
reference_url http://www.securitytracker.com/id/1039264
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039264
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1486451
reference_id 1486451
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1486451
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874415
reference_id 874415
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874415
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12794
reference_id CVE-2017-12794
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12794
fixed_packages
0
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
aliases CVE-2017-12794, GHSA-9r8w-6x8c-6jr9, PYSEC-2017-44
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpj4-a9fa-4bca
19
url VCID-jgv9-vdbm-sycd
vulnerability_id VCID-jgv9-vdbm-sycd
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41989.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41989
reference_id
reference_type
scores
0
value 0.01386
scoring_system epss
scoring_elements 0.8069
published_at 2026-06-05T12:55:00Z
1
value 0.01386
scoring_system epss
scoring_elements 0.80705
published_at 2026-06-09T12:55:00Z
2
value 0.01386
scoring_system epss
scoring_elements 0.80693
published_at 2026-06-06T12:55:00Z
3
value 0.01386
scoring_system epss
scoring_elements 0.80685
published_at 2026-06-08T12:55:00Z
4
value 0.01386
scoring_system epss
scoring_elements 0.80689
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41989
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/27900fe56f3d3cabb4aeb6ccb82f92bab29073a8
30
reference_url https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-67.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0007
34
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T19:34:43Z/
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
reference_id 1078074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302433
reference_id 2302433
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302433
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41989
reference_id CVE-2024-41989
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41989
39
reference_url https://github.com/advisories/GHSA-jh75-99hh-qvx9
reference_id GHSA-jh75-99hh-qvx9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh75-99hh-qvx9
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8534
reference_id RHSA-2024:8534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8534
43
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
44
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-41989, CVE-2024-41989, GHSA-jh75-99hh-qvx9, PYSEC-2024-67
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgv9-vdbm-sycd
20
url VCID-kbab-v2gz-dfe6
vulnerability_id VCID-kbab-v2gz-dfe6
summary An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12308.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12308.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12308
reference_id
reference_type
scores
0
value 0.02803
scoring_system epss
scoring_elements 0.86411
published_at 2026-06-07T12:55:00Z
1
value 0.02803
scoring_system epss
scoring_elements 0.86412
published_at 2026-06-09T12:55:00Z
2
value 0.02803
scoring_system epss
scoring_elements 0.86399
published_at 2026-06-08T12:55:00Z
3
value 0.02803
scoring_system epss
scoring_elements 0.86415
published_at 2026-06-06T12:55:00Z
4
value 0.02803
scoring_system epss
scoring_elements 0.86414
published_at 2026-06-05T12:55:00Z
5
value 0.02803
scoring_system epss
scoring_elements 0.86391
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12308
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
7
reference_url https://docs.djangoproject.com/en/dev/releases/1.11.21
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/1.11.21
8
reference_url https://docs.djangoproject.com/en/dev/releases/1.11.21/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/1.11.21/
9
reference_url https://docs.djangoproject.com/en/dev/releases/2.1.9
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/2.1.9
10
reference_url https://docs.djangoproject.com/en/dev/releases/2.1.9/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.1.9/
11
reference_url https://docs.djangoproject.com/en/dev/releases/2.2.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/2.2.2
12
reference_url https://docs.djangoproject.com/en/dev/releases/2.2.2/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/2.2.2/
13
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
14
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
15
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
16
reference_url https://github.com/advisories/GHSA-7rp2-fm2h-wchj
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7rp2-fm2h-wchj
17
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
18
reference_url https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62
19
reference_url https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673
20
reference_url https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
21
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-79.yaml
22
reference_url https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/GEbHU7YoVz8
23
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/06/msg00001.html
24
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00001.html
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USYRARSYB7PE3S2ZQO7PZNWMH7RPGL5G/
27
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/10
28
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
29
reference_url https://usn.ubuntu.com/4043-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4043-1
30
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
31
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4476
32
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases
33
reference_url https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
34
reference_url http://www.openwall.com/lists/oss-security/2019/06/03/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/06/03/2
35
reference_url http://www.securityfocus.com/bid/108559
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108559
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1715915
reference_id 1715915
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1715915
37
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929927
reference_id 929927
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929927
38
reference_url https://security.archlinux.org/ASA-201906-2
reference_id ASA-201906-2
reference_type
scores
url https://security.archlinux.org/ASA-201906-2
39
reference_url https://security.archlinux.org/AVG-969
reference_id AVG-969
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-969
40
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12308
reference_id CVE-2019-12308
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12308
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
aliases CVE-2019-12308, GHSA-7rp2-fm2h-wchj, PYSEC-2019-79
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kbab-v2gz-dfe6
21
url VCID-m33h-4p9q-63fb
vulnerability_id VCID-m33h-4p9q-63fb
summary In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43665.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
reference_id
reference_type
scores
0
value 0.0279
scoring_system epss
scoring_elements 0.86379
published_at 2026-06-09T12:55:00Z
1
value 0.0279
scoring_system epss
scoring_elements 0.86366
published_at 2026-06-08T12:55:00Z
2
value 0.0279
scoring_system epss
scoring_elements 0.86378
published_at 2026-06-07T12:55:00Z
3
value 0.0279
scoring_system epss
scoring_elements 0.86382
published_at 2026-06-06T12:55:00Z
4
value 0.0279
scoring_system epss
scoring_elements 0.86381
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43665
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.2/releases/security
26
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473
30
reference_url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c7b7024742250414e426ad49fb80db943e7ba4e8
31
reference_url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-226.yaml
33
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21forum/django-announce
34
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
39
reference_url https://security.netapp.com/advisory/ntap-20231221-0001
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231221-0001
40
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases
41
reference_url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
42
reference_url http://www.openwall.com/lists/oss-security/2024/03/04/1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/03/04/1
43
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475
reference_id 1053475
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053475
44
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2241046
reference_id 2241046
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2241046
45
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
reference_id CVE-2023-43665
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43665
46
reference_url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
reference_id GHSA-h8gc-pgj2-vjm3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h8gc-pgj2-vjm3
47
reference_url https://access.redhat.com/errata/RHSA-2023:6158
reference_id RHSA-2023:6158
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6158
48
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
49
reference_url https://usn.ubuntu.com/6414-1/
reference_id USN-6414-1
reference_type
scores
url https://usn.ubuntu.com/6414-1/
50
reference_url https://usn.ubuntu.com/6414-2/
reference_id USN-6414-2
reference_type
scores
url https://usn.ubuntu.com/6414-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2023-43665, CVE-2023-43665, GHSA-h8gc-pgj2-vjm3, PYSEC-2023-226
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m33h-4p9q-63fb
22
url VCID-n2v7-jqjy-37bc
vulnerability_id VCID-n2v7-jqjy-37bc
summary 
Django vulnerable to partial directory traversal via archives
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59682.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59682
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04748
published_at 2026-06-05T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05415
published_at 2026-06-09T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05411
published_at 2026-06-07T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05371
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59682
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
29
reference_url https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/924a0c092e65fa2d0953fd1855d2dc8786d94de2
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:10:29Z/
url https://groups.google.com/g/django-announce
31
reference_url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/oct/01/security-releases
32
reference_url http://www.openwall.com/lists/oss-security/2025/10/01/3
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/10/01/3
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
reference_id 1116979
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116979
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2400450
reference_id 2400450
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2400450
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59682
reference_id CVE-2025-59682
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59682
36
reference_url https://github.com/advisories/GHSA-q95w-c7qg-hrff
reference_id GHSA-q95w-c7qg-hrff
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q95w-c7qg-hrff
37
reference_url https://access.redhat.com/errata/RHSA-2025:18979
reference_id RHSA-2025:18979
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18979
38
reference_url https://access.redhat.com/errata/RHSA-2025:18984
reference_id RHSA-2025:18984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18984
39
reference_url https://access.redhat.com/errata/RHSA-2025:19201
reference_id RHSA-2025:19201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19201
40
reference_url https://access.redhat.com/errata/RHSA-2025:19221
reference_id RHSA-2025:19221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19221
41
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
42
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
43
reference_url https://usn.ubuntu.com/7794-1/
reference_id USN-7794-1
reference_type
scores
url https://usn.ubuntu.com/7794-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases CVE-2025-59682, GHSA-q95w-c7qg-hrff
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2v7-jqjy-37bc
23
url VCID-na9w-xkvx-cbhd
vulnerability_id VCID-na9w-xkvx-cbhd
summary An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13254.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13254.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13254
reference_id
reference_type
scores
0
value 0.04713
scoring_system epss
scoring_elements 0.89562
published_at 2026-06-04T12:55:00Z
1
value 0.04713
scoring_system epss
scoring_elements 0.89595
published_at 2026-06-09T12:55:00Z
2
value 0.04713
scoring_system epss
scoring_elements 0.89576
published_at 2026-06-07T12:55:00Z
3
value 0.04713
scoring_system epss
scoring_elements 0.89578
published_at 2026-06-08T12:55:00Z
4
value 0.04713
scoring_system epss
scoring_elements 0.89579
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13254
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596
4
reference_url https://docs.djangoproject.com/en/3.0/releases/security
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/releases/security
5
reference_url https://docs.djangoproject.com/en/3.0/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.0/releases/security/
6
reference_url https://github.com/advisories/GHSA-wpjr-j57x-wxfw
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-wpjr-j57x-wxfw
7
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
8
reference_url https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206
9
reference_url https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-31.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-31.yaml
11
reference_url https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
12
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
15
reference_url https://security.netapp.com/advisory/ntap-20200611-0002
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200611-0002
16
reference_url https://security.netapp.com/advisory/ntap-20200611-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200611-0002/
17
reference_url https://usn.ubuntu.com/4381-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4381-1
18
reference_url https://usn.ubuntu.com/4381-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-1/
19
reference_url https://usn.ubuntu.com/4381-2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4381-2
20
reference_url https://usn.ubuntu.com/4381-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4381-2/
21
reference_url https://www.debian.org/security/2020/dsa-4705
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4705
22
reference_url https://www.djangoproject.com/weblog/2020/jun/03/security-releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2020/jun/03/security-releases
23
reference_url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2020/jun/03/security-releases/
24
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843614
reference_id 1843614
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843614
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323
reference_id 962323
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962323
27
reference_url https://security.archlinux.org/ASA-202006-8
reference_id ASA-202006-8
reference_type
scores
url https://security.archlinux.org/ASA-202006-8
28
reference_url https://security.archlinux.org/AVG-1176
reference_id AVG-1176
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1176
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13254
reference_id CVE-2020-13254
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13254
30
reference_url https://access.redhat.com/errata/RHSA-2021:0915
reference_id RHSA-2021:0915
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0915
31
reference_url https://access.redhat.com/errata/RHSA-2021:0933
reference_id RHSA-2021:0933
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0933
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases BIT-django-2020-13254, CVE-2020-13254, GHSA-wpjr-j57x-wxfw, PYSEC-2020-31
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-na9w-xkvx-cbhd
24
url VCID-pa7y-gpwp-6qgj
vulnerability_id VCID-pa7y-gpwp-6qgj
summary An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56374.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56374
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24549
published_at 2026-06-09T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24539
published_at 2026-06-08T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.24664
published_at 2026-06-05T12:55:00Z
3
value 0.00084
scoring_system epss
scoring_elements 0.24598
published_at 2026-06-07T12:55:00Z
4
value 0.00084
scoring_system epss
scoring_elements 0.24654
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56374
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4806731e58f3e8700a3c802e77899d54ac6021fe
30
reference_url https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e
31
reference_url https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ca2be7724e1244a4cb723de40a070f873c6e94bf
32
reference_url https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e8d4a2005955dcf962193600b53bf461b190b455
33
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-1.yaml
34
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/
url https://groups.google.com/g/django-announce
35
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00024.html
36
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases
37
reference_url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T19:40:35Z/
url https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
38
reference_url http://www.openwall.com/lists/oss-security/2025/01/14/2
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/01/14/2
39
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049
reference_id 1093049
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049
40
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2337996
reference_id 2337996
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2337996
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56374
reference_id CVE-2024-56374
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56374
42
reference_url https://github.com/advisories/GHSA-qcgg-j2x8-h9g8
reference_id GHSA-qcgg-j2x8-h9g8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcgg-j2x8-h9g8
43
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
44
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
45
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
46
reference_url https://access.redhat.com/errata/RHSA-2025:0782
reference_id RHSA-2025:0782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0782
47
reference_url https://access.redhat.com/errata/RHSA-2025:2399
reference_id RHSA-2025:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2399
48
reference_url https://access.redhat.com/errata/RHSA-2025:4576
reference_id RHSA-2025:4576
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4576
49
reference_url https://usn.ubuntu.com/7205-1/
reference_id USN-7205-1
reference_type
scores
url https://usn.ubuntu.com/7205-1/
50
reference_url https://usn.ubuntu.com/7205-2/
reference_id USN-7205-2
reference_type
scores
url https://usn.ubuntu.com/7205-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-56374, CVE-2024-56374, GHSA-qcgg-j2x8-h9g8, PYSEC-2025-1
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pa7y-gpwp-6qgj
25
url VCID-qgp1-4efd-6yg6
vulnerability_id VCID-qgp1-4efd-6yg6
summary In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41164.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61451
published_at 2026-06-06T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.6144
published_at 2026-06-09T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61444
published_at 2026-06-05T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.6142
published_at 2026-06-08T12:55:00Z
4
value 0.00406
scoring_system epss
scoring_elements 0.61437
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41164
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/4.2/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/4.2/releases/security
26
reference_url https://docs.djangoproject.com/en/4.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/4.2/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e
30
reference_url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9
31
reference_url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml
33
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#%21forum/django-announce
34
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/django-announce
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
39
reference_url https://security.netapp.com/advisory/ntap-20231214-0002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0002
40
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases
41
reference_url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
42
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226
reference_id 1051226
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226
43
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2237258
reference_id 2237258
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2237258
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
reference_id CVE-2023-41164
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41164
45
reference_url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
reference_id GHSA-7h4p-27mh-hmrw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h4p-27mh-hmrw
46
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
47
reference_url https://access.redhat.com/errata/RHSA-2023:5208
reference_id RHSA-2023:5208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5208
48
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
49
reference_url https://usn.ubuntu.com/6378-1/
reference_id USN-6378-1
reference_type
scores
url https://usn.ubuntu.com/6378-1/
50
reference_url https://usn.ubuntu.com/6414-2/
reference_id USN-6414-2
reference_type
scores
url https://usn.ubuntu.com/6414-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2023-41164, CVE-2023-41164, GHSA-7h4p-27mh-hmrw, PYSEC-2023-225
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgp1-4efd-6yg6
26
url VCID-qy1a-x3ff-4bc8
vulnerability_id VCID-qy1a-x3ff-4bc8
summary An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26699.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26699
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52425
published_at 2026-06-09T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52403
published_at 2026-06-08T12:55:00Z
2
value 0.00287
scoring_system epss
scoring_elements 0.52443
published_at 2026-06-05T12:55:00Z
3
value 0.00287
scoring_system epss
scoring_elements 0.52431
published_at 2026-06-07T12:55:00Z
4
value 0.00287
scoring_system epss
scoring_elements 0.52451
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26699
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-13.yaml
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/
url https://groups.google.com/g/django-announce
31
reference_url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/03/msg00012.html
32
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases
33
reference_url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:30:28Z/
url https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
34
reference_url http://www.openwall.com/lists/oss-security/2025/03/06/12
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/03/06/12
35
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682
reference_id 1099682
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2348993
reference_id 2348993
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2348993
37
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26699
reference_id CVE-2025-26699
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26699
38
reference_url https://github.com/advisories/GHSA-p3fp-8748-vqfq
reference_id GHSA-p3fp-8748-vqfq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p3fp-8748-vqfq
39
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
40
reference_url https://access.redhat.com/errata/RHSA-2025:3160
reference_id RHSA-2025:3160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3160
41
reference_url https://access.redhat.com/errata/RHSA-2025:3162
reference_id RHSA-2025:3162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3162
42
reference_url https://access.redhat.com/errata/RHSA-2025:3709
reference_id RHSA-2025:3709
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3709
43
reference_url https://access.redhat.com/errata/RHSA-2025:4553
reference_id RHSA-2025:4553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4553
44
reference_url https://access.redhat.com/errata/RHSA-2025:8609
reference_id RHSA-2025:8609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8609
45
reference_url https://usn.ubuntu.com/7335-1/
reference_id USN-7335-1
reference_type
scores
url https://usn.ubuntu.com/7335-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-26699, CVE-2025-26699, GHSA-p3fp-8748-vqfq, PYSEC-2025-13
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy1a-x3ff-4bc8
27
url VCID-s1rj-1xbw-fbg5
vulnerability_id VCID-s1rj-1xbw-fbg5
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39614.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39614
reference_id
reference_type
scores
0
value 0.06838
scoring_system epss
scoring_elements 0.9153
published_at 2026-06-09T12:55:00Z
1
value 0.06838
scoring_system epss
scoring_elements 0.91515
published_at 2026-06-08T12:55:00Z
2
value 0.06838
scoring_system epss
scoring_elements 0.91518
published_at 2026-06-07T12:55:00Z
3
value 0.06838
scoring_system epss
scoring_elements 0.91521
published_at 2026-06-06T12:55:00Z
4
value 0.06838
scoring_system epss
scoring_elements 0.91519
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39614
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
30
reference_url https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/8e7a44e4bec0f11474699c3111a5e0a45afe7f49
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-59.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240808-0005
34
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T13:29:40Z/
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
reference_id 1076069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295938
reference_id 2295938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295938
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39614
reference_id CVE-2024-39614
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39614
39
reference_url https://github.com/advisories/GHSA-f6f8-9mx6-9mx2
reference_id GHSA-f6f8-9mx6-9mx2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f6f8-9mx6-9mx2
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
44
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
45
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
46
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-39614, CVE-2024-39614, GHSA-f6f8-9mx6-9mx2, PYSEC-2024-59
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1rj-1xbw-fbg5
28
url VCID-t952-ghnf-jkby
vulnerability_id VCID-t952-ghnf-jkby
summary Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6975.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6975.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6975
reference_id
reference_type
scores
0
value 0.0646
scoring_system epss
scoring_elements 0.91259
published_at 2026-06-09T12:55:00Z
1
value 0.0646
scoring_system epss
scoring_elements 0.91244
published_at 2026-06-08T12:55:00Z
2
value 0.0646
scoring_system epss
scoring_elements 0.91248
published_at 2026-06-07T12:55:00Z
3
value 0.0646
scoring_system epss
scoring_elements 0.91251
published_at 2026-06-06T12:55:00Z
4
value 0.0646
scoring_system epss
scoring_elements 0.91238
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6975
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
5
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
6
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/advisories/GHSA-wh4h-v3f2-r2pp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-wh4h-v3f2-r2pp
9
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
10
reference_url https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227
11
reference_url https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676
12
reference_url https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-18.yaml
14
reference_url https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
19
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/10
20
reference_url https://usn.ubuntu.com/3890-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3890-1
21
reference_url https://usn.ubuntu.com/3890-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3890-1/
22
reference_url https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227084713/http://www.securityfocus.com/bid/106964
23
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4476
24
reference_url https://www.djangoproject.com/weblog/2019/feb/11/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/feb/11/security-releases
25
reference_url https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
26
reference_url https://www.openwall.com/lists/oss-security/2019/02/11/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/02/11/1
27
reference_url http://www.securityfocus.com/bid/106964
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106964
28
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1673642
reference_id 1673642
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1673642
29
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922027
reference_id 922027
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922027
30
reference_url https://security.archlinux.org/ASA-201902-14
reference_id ASA-201902-14
reference_type
scores
url https://security.archlinux.org/ASA-201902-14
31
reference_url https://security.archlinux.org/AVG-881
reference_id AVG-881
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-881
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6975
reference_id CVE-2019-6975
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6975
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
aliases CVE-2019-6975, GHSA-wh4h-v3f2-r2pp, PYSEC-2019-18
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t952-ghnf-jkby
29
url VCID-ud73-4t2c-n3at
vulnerability_id VCID-ud73-4t2c-n3at
summary An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53907.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53907
reference_id
reference_type
scores
0
value 0.01038
scoring_system epss
scoring_elements 0.77788
published_at 2026-06-09T12:55:00Z
1
value 0.01038
scoring_system epss
scoring_elements 0.77769
published_at 2026-06-08T12:55:00Z
2
value 0.01038
scoring_system epss
scoring_elements 0.77779
published_at 2026-06-07T12:55:00Z
3
value 0.01038
scoring_system epss
scoring_elements 0.77789
published_at 2026-06-06T12:55:00Z
4
value 0.01038
scoring_system epss
scoring_elements 0.77782
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53907
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-156.yaml
30
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/
url https://groups.google.com/g/django-announce
31
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00028.html
32
reference_url https://www.djangoproject.com/weblog/2024/dec/04/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/dec/04/security-releases
33
reference_url https://www.openwall.com/lists/oss-security/2024/12/04/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:22:53Z/
url https://www.openwall.com/lists/oss-security/2024/12/04/3
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2329288
reference_id 2329288
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2329288
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53907
reference_id CVE-2024-53907
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53907
36
reference_url https://github.com/advisories/GHSA-8498-2h75-472j
reference_id GHSA-8498-2h75-472j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8498-2h75-472j
37
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
38
reference_url https://access.redhat.com/errata/RHSA-2024:11144
reference_id RHSA-2024:11144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11144
39
reference_url https://access.redhat.com/errata/RHSA-2024:11146
reference_id RHSA-2024:11146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11146
40
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
41
reference_url https://access.redhat.com/errata/RHSA-2025:0777
reference_id RHSA-2025:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0777
42
reference_url https://usn.ubuntu.com/7136-1/
reference_id USN-7136-1
reference_type
scores
url https://usn.ubuntu.com/7136-1/
43
reference_url https://usn.ubuntu.com/7136-2/
reference_id USN-7136-2
reference_type
scores
url https://usn.ubuntu.com/7136-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-53907, CVE-2024-53907, GHSA-8498-2h75-472j, PYSEC-2024-156
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ud73-4t2c-n3at
30
url VCID-vdpf-jddk-syda
vulnerability_id VCID-vdpf-jddk-syda
summary insufficient validation
references
0
reference_url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19844.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19844
reference_id
reference_type
scores
0
value 0.15418
scoring_system epss
scoring_elements 0.94781
published_at 2026-06-08T12:55:00Z
1
value 0.15418
scoring_system epss
scoring_elements 0.94787
published_at 2026-06-09T12:55:00Z
2
value 0.15418
scoring_system epss
scoring_elements 0.94782
published_at 2026-06-07T12:55:00Z
3
value 0.15418
scoring_system epss
scoring_elements 0.94771
published_at 2026-06-04T12:55:00Z
4
value 0.15418
scoring_system epss
scoring_elements 0.94779
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19844
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
4
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
5
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vfq6-hq5r-27r6
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26
10
reference_url https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
11
reference_url https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70
12
reference_url https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-16.yaml
14
reference_url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/
17
reference_url https://seclists.org/bugtraq/2020/Jan/9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2020/Jan/9
18
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
19
reference_url https://security.netapp.com/advisory/ntap-20200110-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200110-0003
20
reference_url https://security.netapp.com/advisory/ntap-20200110-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200110-0003/
21
reference_url https://usn.ubuntu.com/4224-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4224-1
22
reference_url https://usn.ubuntu.com/4224-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4224-1/
23
reference_url https://www.debian.org/security/2020/dsa-4598
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4598
24
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases
25
reference_url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788425
reference_id 1788425
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788425
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937
reference_id 946937
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937
28
reference_url https://security.archlinux.org/AVG-1080
reference_id AVG-1080
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1080
29
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md
reference_id CVE-2019-19844
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/47879.md
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19844
reference_id CVE-2019-19844
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19844
31
reference_url https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
reference_id CVE-2019-19844
reference_type exploit
scores
url https://ryu22e.org/en/posts/2019/12/25/django-cve-2019-19844/
32
reference_url https://usn.ubuntu.com/6722-1/
reference_id USN-6722-1
reference_type
scores
url https://usn.ubuntu.com/6722-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda
31
url VCID-vgq9-s6th-yufg
vulnerability_id VCID-vgq9-s6th-yufg
summary An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39329.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39329
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37358
published_at 2026-06-05T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37308
published_at 2026-06-09T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37293
published_at 2026-06-08T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37331
published_at 2026-06-07T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37363
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39329
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/07cefdee4a9d1fcd9a3a631cbd07c78defd1923b
30
reference_url https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-57.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240808-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240808-0005
34
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T16:17:00Z/
url https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
reference_id 1076069
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076069
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295936
reference_id 2295936
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295936
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39329
reference_id CVE-2024-39329
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39329
39
reference_url https://github.com/advisories/GHSA-x7q2-wr7g-xqmf
reference_id GHSA-x7q2-wr7g-xqmf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7q2-wr7g-xqmf
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2024:9481
reference_id RHSA-2024:9481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9481
44
reference_url https://usn.ubuntu.com/6888-1/
reference_id USN-6888-1
reference_type
scores
url https://usn.ubuntu.com/6888-1/
45
reference_url https://usn.ubuntu.com/6888-2/
reference_id USN-6888-2
reference_type
scores
url https://usn.ubuntu.com/6888-2/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-39329, CVE-2024-39329, GHSA-x7q2-wr7g-xqmf, PYSEC-2024-57
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgq9-s6th-yufg
32
url VCID-wch3-d92x-sudf
vulnerability_id VCID-wch3-d92x-sudf
summary django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6188.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6188.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6188
reference_id
reference_type
scores
0
value 0.00438
scoring_system epss
scoring_elements 0.63493
published_at 2026-06-09T12:55:00Z
1
value 0.00438
scoring_system epss
scoring_elements 0.63474
published_at 2026-06-08T12:55:00Z
2
value 0.00438
scoring_system epss
scoring_elements 0.63486
published_at 2026-06-07T12:55:00Z
3
value 0.00438
scoring_system epss
scoring_elements 0.63495
published_at 2026-06-06T12:55:00Z
4
value 0.00438
scoring_system epss
scoring_elements 0.63488
published_at 2026-06-05T12:55:00Z
5
value 0.00438
scoring_system epss
scoring_elements 0.63445
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6188
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6188
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6188
3
reference_url https://github.com/advisories/GHSA-rf4j-j272-fj86
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rf4j-j272-fj86
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/57b95fedad5e0b83fc9c81466b7d1751c6427aae
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/57b95fedad5e0b83fc9c81466b7d1751c6427aae
6
reference_url https://github.com/django/django/commit/c37bb28677295f6edda61d8ac461014ef0d3aeb2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c37bb28677295f6edda61d8ac461014ef0d3aeb2
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-4.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-4.yaml
8
reference_url https://usn.ubuntu.com/3559-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3559-1
9
reference_url https://usn.ubuntu.com/3559-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3559-1/
10
reference_url https://web.archive.org/web/20200517143909/http://www.securitytracker.com/id/1040422
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200517143909/http://www.securitytracker.com/id/1040422
11
reference_url https://www.djangoproject.com/weblog/2018/feb/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2018/feb/01/security-releases
12
reference_url https://www.djangoproject.com/weblog/2018/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/feb/01/security-releases/
13
reference_url http://www.securitytracker.com/id/1040422
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040422
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1538793
reference_id 1538793
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1538793
15
reference_url https://security.archlinux.org/AVG-624
reference_id AVG-624
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-624
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6188
reference_id CVE-2018-6188
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6188
fixed_packages
0
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
aliases CVE-2018-6188, GHSA-rf4j-j272-fj86, PYSEC-2018-4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wch3-d92x-sudf
33
url VCID-whgc-pt2s-77ar
vulnerability_id VCID-whgc-pt2s-77ar
summary 
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64459
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.53234
published_at 2026-06-09T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.5321
published_at 2026-06-08T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.53236
published_at 2026-06-07T12:55:00Z
3
value 0.00296
scoring_system epss
scoring_elements 0.53254
published_at 2026-06-06T12:55:00Z
4
value 0.00296
scoring_system epss
scoring_elements 0.53246
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64459
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
28
reference_url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
29
reference_url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
30
reference_url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
31
reference_url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
32
reference_url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
33
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-108.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-108.yaml
34
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/
url https://groups.google.com/g/django-announce
35
reference_url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
36
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
37
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
38
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
reference_id 1120139
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
39
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2412651
reference_id 2412651
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2412651
40
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
reference_id CVE-2025-64459
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
reference_id CVE-2025-64459
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
42
reference_url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
reference_id GHSA-frmv-pr5f-9mcr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
43
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
44
reference_url https://access.redhat.com/errata/RHSA-2025:23070
reference_id RHSA-2025:23070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23070
45
reference_url https://access.redhat.com/errata/RHSA-2025:23130
reference_id RHSA-2025:23130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23130
46
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
47
reference_url https://access.redhat.com/errata/RHSA-2025:23133
reference_id RHSA-2025:23133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23133
48
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
49
reference_url https://access.redhat.com/errata/RHSA-2026:1596
reference_id RHSA-2026:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1596
50
reference_url https://usn.ubuntu.com/7859-1/
reference_id USN-7859-1
reference_type
scores
url https://usn.ubuntu.com/7859-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-64459, CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whgc-pt2s-77ar
34
url VCID-x61x-6b6k-h3bn
vulnerability_id VCID-x61x-6b6k-h3bn
summary An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0265
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7537.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7537.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7537
reference_id
reference_type
scores
0
value 0.03173
scoring_system epss
scoring_elements 0.872
published_at 2026-06-07T12:55:00Z
1
value 0.03173
scoring_system epss
scoring_elements 0.87208
published_at 2026-06-09T12:55:00Z
2
value 0.03173
scoring_system epss
scoring_elements 0.87196
published_at 2026-06-08T12:55:00Z
3
value 0.03173
scoring_system epss
scoring_elements 0.87182
published_at 2026-06-04T12:55:00Z
4
value 0.03173
scoring_system epss
scoring_elements 0.87203
published_at 2026-06-06T12:55:00Z
5
value 0.03173
scoring_system epss
scoring_elements 0.87205
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7537
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-2f9x-5v75-3qv4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2f9x-5v75-3qv4
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c
10
reference_url https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
11
reference_url https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml
13
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
14
reference_url https://usn.ubuntu.com/3591-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3591-1
15
reference_url https://usn.ubuntu.com/3591-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3591-1/
16
reference_url https://www.debian.org/security/2018/dsa-4161
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4161
17
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
18
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
19
reference_url http://www.securityfocus.com/bid/103357
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103357
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1549779
reference_id 1549779
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1549779
21
reference_url https://security.archlinux.org/ASA-201803-5
reference_id ASA-201803-5
reference_type
scores
url https://security.archlinux.org/ASA-201803-5
22
reference_url https://security.archlinux.org/AVG-649
reference_id AVG-649
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-649
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7537
reference_id CVE-2018-7537
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7537
fixed_packages
0
url pkg:deb/debian/python-django@1.7.11-1%2Bdeb8u3
purl pkg:deb/debian/python-django@1.7.11-1%2Bdeb8u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-2yaw-hhv6-fygg
3
vulnerability VCID-322v-ntsv-7uge
4
vulnerability VCID-3kza-a88p-kfg7
5
vulnerability VCID-3mfy-uj9u-d7de
6
vulnerability VCID-4cp2-k4mn-8ffj
7
vulnerability VCID-4kcg-gx5y-cuaw
8
vulnerability VCID-4tyd-97z5-z3ar
9
vulnerability VCID-4z4e-8ttu-tyd6
10
vulnerability VCID-51tx-4tp9-kbcz
11
vulnerability VCID-5q58-pzt4-8uey
12
vulnerability VCID-5xtt-au84-zbb2
13
vulnerability VCID-6jpg-yrf8-cufy
14
vulnerability VCID-6wah-r8vr-5qc4
15
vulnerability VCID-7c5n-nzwk-v7bz
16
vulnerability VCID-8gus-er59-1qak
17
vulnerability VCID-9end-mq19-rke5
18
vulnerability VCID-9kvc-1bdz-n3bd
19
vulnerability VCID-9mpt-zxaw-kkeg
20
vulnerability VCID-attf-6gj8-ebaj
21
vulnerability VCID-au8h-vj9k-pufv
22
vulnerability VCID-bb8b-hq41-s7a6
23
vulnerability VCID-c3m7-fu62-2qd9
24
vulnerability VCID-c58g-7jpv-t7hc
25
vulnerability VCID-drwp-htkk-bkfh
26
vulnerability VCID-e12b-tw2c-53c9
27
vulnerability VCID-e8j6-mybr-17fh
28
vulnerability VCID-f1br-hvnm-wfdg
29
vulnerability VCID-f4a7-tcz5-byfj
30
vulnerability VCID-fcg9-xypn-ykhf
31
vulnerability VCID-fhp8-tck4-mye4
32
vulnerability VCID-fksk-pr23-2yd8
33
vulnerability VCID-fsaw-3ta1-x3dw
34
vulnerability VCID-g44a-m54u-97cr
35
vulnerability VCID-gfar-wbzc-3ubr
36
vulnerability VCID-hh9b-52xn-z7a9
37
vulnerability VCID-hpj4-a9fa-4bca
38
vulnerability VCID-j81e-su1y-tqa6
39
vulnerability VCID-jgv9-vdbm-sycd
40
vulnerability VCID-jybd-p65h-xffy
41
vulnerability VCID-kbab-v2gz-dfe6
42
vulnerability VCID-ksh8-pazn-dbca
43
vulnerability VCID-m1dr-sjmw-jfd2
44
vulnerability VCID-m33h-4p9q-63fb
45
vulnerability VCID-m4wa-xv9b-q7ce
46
vulnerability VCID-n2v7-jqjy-37bc
47
vulnerability VCID-n9vn-4uxr-hkau
48
vulnerability VCID-na9w-xkvx-cbhd
49
vulnerability VCID-nss9-1yrb-x7f2
50
vulnerability VCID-pa7y-gpwp-6qgj
51
vulnerability VCID-pgtx-cdua-kfb4
52
vulnerability VCID-q8r2-m9s6-rbek
53
vulnerability VCID-qgp1-4efd-6yg6
54
vulnerability VCID-qvfs-2v1h-p3h4
55
vulnerability VCID-qy1a-x3ff-4bc8
56
vulnerability VCID-qy2a-mvpz-q7eh
57
vulnerability VCID-rruq-9scz-vbg8
58
vulnerability VCID-rxxr-sseq-k7a9
59
vulnerability VCID-s1rj-1xbw-fbg5
60
vulnerability VCID-shch-yusm-1uck
61
vulnerability VCID-shjc-2j68-2yfy
62
vulnerability VCID-t952-ghnf-jkby
63
vulnerability VCID-u9q1-63gf-7feh
64
vulnerability VCID-ud73-4t2c-n3at
65
vulnerability VCID-upbz-vg19-rugv
66
vulnerability VCID-vdpf-jddk-syda
67
vulnerability VCID-vgq9-s6th-yufg
68
vulnerability VCID-wa3g-27sx-mbcw
69
vulnerability VCID-wch3-d92x-sudf
70
vulnerability VCID-weqb-fxu4-17e7
71
vulnerability VCID-whgc-pt2s-77ar
72
vulnerability VCID-wnxx-rc7w-cke4
73
vulnerability VCID-x61x-6b6k-h3bn
74
vulnerability VCID-xcmd-18ck-gqae
75
vulnerability VCID-ynt9-h6ww-h7e9
76
vulnerability VCID-yreb-z7nz-jkbs
77
vulnerability VCID-yuda-1mur-8bbq
78
vulnerability VCID-z4x1-e7tp-rqhz
79
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1.7.11-1%252Bdeb8u3
1
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
2
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
aliases CVE-2018-7537, GHSA-2f9x-5v75-3qv4, PYSEC-2018-6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x61x-6b6k-h3bn
35
url VCID-xcmd-18ck-gqae
vulnerability_id VCID-xcmd-18ck-gqae
summary An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42005.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42005
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56128
published_at 2026-06-09T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56109
published_at 2026-06-08T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.56126
published_at 2026-06-07T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.56132
published_at 2026-06-05T12:55:00Z
4
value 0.00328
scoring_system epss
scoring_elements 0.56138
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42005
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d
30
reference_url https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28
31
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml
32
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/
url https://groups.google.com/forum/#%21forum/django-announce
33
reference_url https://security.netapp.com/advisory/ntap-20240905-0007
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240905-0007
34
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases
35
reference_url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-16T20:19:17Z/
url https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
reference_id 1078074
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078074
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302436
reference_id 2302436
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302436
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42005
reference_id CVE-2024-42005
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42005
39
reference_url https://github.com/advisories/GHSA-pv4p-cwwg-4rph
reference_id GHSA-pv4p-cwwg-4rph
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pv4p-cwwg-4rph
40
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
41
reference_url https://access.redhat.com/errata/RHSA-2024:6428
reference_id RHSA-2024:6428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6428
42
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
43
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
44
reference_url https://usn.ubuntu.com/6946-1/
reference_id USN-6946-1
reference_type
scores
url https://usn.ubuntu.com/6946-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-42005, CVE-2024-42005, GHSA-pv4p-cwwg-4rph, PYSEC-2024-70
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmd-18ck-gqae
36
url VCID-ynt9-h6ww-h7e9
vulnerability_id VCID-ynt9-h6ww-h7e9
summary An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57833
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.22415
published_at 2026-06-09T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.2251
published_at 2026-06-06T12:55:00Z
2
value 0.00074
scoring_system epss
scoring_elements 0.22411
published_at 2026-06-08T12:55:00Z
3
value 0.00074
scoring_system epss
scoring_elements 0.22461
published_at 2026-06-07T12:55:00Z
4
value 0.00074
scoring_system epss
scoring_elements 0.22523
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57833
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
26
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://docs.djangoproject.com/en/dev/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5
30
reference_url https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
31
reference_url https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243
32
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-105.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-105.yaml
33
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://groups.google.com/g/django-announce
34
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html
35
reference_url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898
36
reference_url https://www.djangoproject.com/weblog/2025/sep/03/security-releases
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/sep/03/security-releases
37
reference_url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/
url https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
38
reference_url http://www.openwall.com/lists/oss-security/2025/09/03/3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/09/03/3
39
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865
reference_id 1113865
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865
40
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2392990
reference_id 2392990
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2392990
41
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57833
reference_id CVE-2025-57833
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57833
42
reference_url https://github.com/advisories/GHSA-6w2r-r2m5-xq5w
reference_id GHSA-6w2r-r2m5-xq5w
reference_type
scores
url https://github.com/advisories/GHSA-6w2r-r2m5-xq5w
43
reference_url https://access.redhat.com/errata/RHSA-2025:16403
reference_id RHSA-2025:16403
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16403
44
reference_url https://access.redhat.com/errata/RHSA-2025:16404
reference_id RHSA-2025:16404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16404
45
reference_url https://access.redhat.com/errata/RHSA-2025:16487
reference_id RHSA-2025:16487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16487
46
reference_url https://access.redhat.com/errata/RHSA-2025:16514
reference_id RHSA-2025:16514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16514
47
reference_url https://access.redhat.com/errata/RHSA-2025:17498
reference_id RHSA-2025:17498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17498
48
reference_url https://access.redhat.com/errata/RHSA-2025:17499
reference_id RHSA-2025:17499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17499
49
reference_url https://access.redhat.com/errata/RHSA-2025:17500
reference_id RHSA-2025:17500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17500
50
reference_url https://access.redhat.com/errata/RHSA-2025:17606
reference_id RHSA-2025:17606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17606
51
reference_url https://access.redhat.com/errata/RHSA-2025:17613
reference_id RHSA-2025:17613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17613
52
reference_url https://access.redhat.com/errata/RHSA-2025:17614
reference_id RHSA-2025:17614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17614
53
reference_url https://usn.ubuntu.com/7736-1/
reference_id USN-7736-1
reference_type
scores
url https://usn.ubuntu.com/7736-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2025-57833, CVE-2025-57833, GHSA-6w2r-r2m5-xq5w, PYSEC-2025-105
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynt9-h6ww-h7e9
37
url VCID-yreb-z7nz-jkbs
vulnerability_id VCID-yreb-z7nz-jkbs
summary An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14234.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14234
reference_id
reference_type
scores
0
value 0.29723
scoring_system epss
scoring_elements 0.96729
published_at 2026-06-08T12:55:00Z
1
value 0.29723
scoring_system epss
scoring_elements 0.9673
published_at 2026-06-07T12:55:00Z
2
value 0.29723
scoring_system epss
scoring_elements 0.96725
published_at 2026-06-05T12:55:00Z
3
value 0.29723
scoring_system epss
scoring_elements 0.96721
published_at 2026-06-04T12:55:00Z
4
value 0.29723
scoring_system epss
scoring_elements 0.96734
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14234
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14234
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235
7
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
8
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/advisories/GHSA-6r97-cj55-9hrq
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6r97-cj55-9hrq
11
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
12
reference_url https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
13
reference_url https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
14
reference_url https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975
15
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml
16
reference_url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/
19
reference_url https://seclists.org/bugtraq/2019/Aug/15
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/15
20
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202004-17
21
reference_url https://security.netapp.com/advisory/ntap-20190828-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0002
22
reference_url https://security.netapp.com/advisory/ntap-20190828-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190828-0002/
23
reference_url https://www.debian.org/security/2019/dsa-4498
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4498
24
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases
25
reference_url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1734417
reference_id 1734417
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1734417
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
reference_id 934026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934026
28
reference_url https://security.archlinux.org/ASA-201908-2
reference_id ASA-201908-2
reference_type
scores
url https://security.archlinux.org/ASA-201908-2
29
reference_url https://security.archlinux.org/AVG-1015
reference_id AVG-1015
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1015
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14234
reference_id CVE-2019-14234
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14234
31
reference_url https://access.redhat.com/errata/RHSA-2020:1324
reference_id RHSA-2020:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1324
32
reference_url https://access.redhat.com/errata/RHSA-2020:4390
reference_id RHSA-2020:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4390
33
reference_url https://usn.ubuntu.com/4084-1/
reference_id USN-4084-1
reference_type
scores
url https://usn.ubuntu.com/4084-1/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-4kcg-gx5y-cuaw
3
vulnerability VCID-4tyd-97z5-z3ar
4
vulnerability VCID-55xg-pw9n-zkdy
5
vulnerability VCID-5xtt-au84-zbb2
6
vulnerability VCID-9gq3-whr8-s7b8
7
vulnerability VCID-9kvc-1bdz-n3bd
8
vulnerability VCID-abpe-htm1-9ubp
9
vulnerability VCID-bb8b-hq41-s7a6
10
vulnerability VCID-e12b-tw2c-53c9
11
vulnerability VCID-e8j6-mybr-17fh
12
vulnerability VCID-eqsc-axng-ckca
13
vulnerability VCID-fcg9-xypn-ykhf
14
vulnerability VCID-fsaw-3ta1-x3dw
15
vulnerability VCID-fsz5-dkw2-hyap
16
vulnerability VCID-fxuu-kk52-r7ch
17
vulnerability VCID-ga7z-wj4j-63h1
18
vulnerability VCID-hsjn-xnpp-5yeh
19
vulnerability VCID-jgv9-vdbm-sycd
20
vulnerability VCID-jybd-p65h-xffy
21
vulnerability VCID-kxdd-yzp3-r7cb
22
vulnerability VCID-m33h-4p9q-63fb
23
vulnerability VCID-m4am-h2ea-3ffr
24
vulnerability VCID-n2v7-jqjy-37bc
25
vulnerability VCID-pa7y-gpwp-6qgj
26
vulnerability VCID-phkp-9abp-f3dq
27
vulnerability VCID-qgp1-4efd-6yg6
28
vulnerability VCID-qy1a-x3ff-4bc8
29
vulnerability VCID-rqqc-ta7c-ykgx
30
vulnerability VCID-s1rj-1xbw-fbg5
31
vulnerability VCID-shch-yusm-1uck
32
vulnerability VCID-shjc-2j68-2yfy
33
vulnerability VCID-tktt-vg92-6kae
34
vulnerability VCID-tuqc-c251-h7ds
35
vulnerability VCID-ud73-4t2c-n3at
36
vulnerability VCID-vgq9-s6th-yufg
37
vulnerability VCID-w777-44ns-cybg
38
vulnerability VCID-wa3g-27sx-mbcw
39
vulnerability VCID-whgc-pt2s-77ar
40
vulnerability VCID-xcmd-18ck-gqae
41
vulnerability VCID-ynt9-h6ww-h7e9
42
vulnerability VCID-yuda-1mur-8bbq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2
aliases CVE-2019-14234, GHSA-6r97-cj55-9hrq, PYSEC-2019-13
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yreb-z7nz-jkbs
38
url VCID-yuda-1mur-8bbq
vulnerability_id VCID-yuda-1mur-8bbq
summary An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24680.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24680
reference_id
reference_type
scores
0
value 0.01394
scoring_system epss
scoring_elements 0.8076
published_at 2026-06-09T12:55:00Z
1
value 0.01394
scoring_system epss
scoring_elements 0.80741
published_at 2026-06-08T12:55:00Z
2
value 0.01394
scoring_system epss
scoring_elements 0.80744
published_at 2026-06-07T12:55:00Z
3
value 0.01394
scoring_system epss
scoring_elements 0.80748
published_at 2026-06-06T12:55:00Z
4
value 0.01394
scoring_system epss
scoring_elements 0.80746
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24680
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
25
reference_url https://docs.djangoproject.com/en/5.0/releases/security
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/5.0/releases/security
26
reference_url https://docs.djangoproject.com/en/5.0/releases/security/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://docs.djangoproject.com/en/5.0/releases/security/
27
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
29
reference_url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc
30
reference_url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9
31
reference_url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2
32
reference_url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820
33
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-28.yaml
34
reference_url https://groups.google.com/forum/#%21forum/django-announce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://groups.google.com/forum/#%21forum/django-announce
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
41
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases
42
reference_url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
43
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2261856
reference_id 2261856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2261856
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
reference_id CVE-2024-24680
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24680
45
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
reference_id D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2JIRXEDP4ZET5KFMAPPYSK663Q52NEX/
46
reference_url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
reference_id GHSA-xxj9-f6rv-m3x4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxj9-f6rv-m3x4
47
reference_url https://security.gentoo.org/glsa/202509-03
reference_id GLSA-202509-03
reference_type
scores
url https://security.gentoo.org/glsa/202509-03
48
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
49
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
50
reference_url https://access.redhat.com/errata/RHSA-2024:2731
reference_id RHSA-2024:2731
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2731
51
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
52
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
reference_id SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN2PLJGYSAAG5KUVIUFJYKD3BLQ4OSN6/
53
reference_url https://usn.ubuntu.com/6623-1/
reference_id USN-6623-1
reference_type
scores
url https://usn.ubuntu.com/6623-1/
54
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
reference_id ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D/
fixed_packages
0
url pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
purl pkg:deb/debian/python-django@1:1.10.7-2%2Bdeb9u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-322v-ntsv-7uge
3
vulnerability VCID-3mfy-uj9u-d7de
4
vulnerability VCID-4cp2-k4mn-8ffj
5
vulnerability VCID-4kcg-gx5y-cuaw
6
vulnerability VCID-4tyd-97z5-z3ar
7
vulnerability VCID-4z4e-8ttu-tyd6
8
vulnerability VCID-51tx-4tp9-kbcz
9
vulnerability VCID-5q58-pzt4-8uey
10
vulnerability VCID-5xtt-au84-zbb2
11
vulnerability VCID-6jpg-yrf8-cufy
12
vulnerability VCID-7c5n-nzwk-v7bz
13
vulnerability VCID-9end-mq19-rke5
14
vulnerability VCID-9kvc-1bdz-n3bd
15
vulnerability VCID-9mpt-zxaw-kkeg
16
vulnerability VCID-attf-6gj8-ebaj
17
vulnerability VCID-au8h-vj9k-pufv
18
vulnerability VCID-bb8b-hq41-s7a6
19
vulnerability VCID-c3m7-fu62-2qd9
20
vulnerability VCID-c58g-7jpv-t7hc
21
vulnerability VCID-drwp-htkk-bkfh
22
vulnerability VCID-e12b-tw2c-53c9
23
vulnerability VCID-e8j6-mybr-17fh
24
vulnerability VCID-f1br-hvnm-wfdg
25
vulnerability VCID-f4a7-tcz5-byfj
26
vulnerability VCID-fcg9-xypn-ykhf
27
vulnerability VCID-fhp8-tck4-mye4
28
vulnerability VCID-fksk-pr23-2yd8
29
vulnerability VCID-fsaw-3ta1-x3dw
30
vulnerability VCID-g44a-m54u-97cr
31
vulnerability VCID-gfar-wbzc-3ubr
32
vulnerability VCID-hh9b-52xn-z7a9
33
vulnerability VCID-hpj4-a9fa-4bca
34
vulnerability VCID-j81e-su1y-tqa6
35
vulnerability VCID-jgv9-vdbm-sycd
36
vulnerability VCID-jybd-p65h-xffy
37
vulnerability VCID-kbab-v2gz-dfe6
38
vulnerability VCID-m1dr-sjmw-jfd2
39
vulnerability VCID-m33h-4p9q-63fb
40
vulnerability VCID-m4wa-xv9b-q7ce
41
vulnerability VCID-n2v7-jqjy-37bc
42
vulnerability VCID-n9vn-4uxr-hkau
43
vulnerability VCID-na9w-xkvx-cbhd
44
vulnerability VCID-nss9-1yrb-x7f2
45
vulnerability VCID-pa7y-gpwp-6qgj
46
vulnerability VCID-pgtx-cdua-kfb4
47
vulnerability VCID-q8r2-m9s6-rbek
48
vulnerability VCID-qgp1-4efd-6yg6
49
vulnerability VCID-qvfs-2v1h-p3h4
50
vulnerability VCID-qy1a-x3ff-4bc8
51
vulnerability VCID-s1rj-1xbw-fbg5
52
vulnerability VCID-shch-yusm-1uck
53
vulnerability VCID-shjc-2j68-2yfy
54
vulnerability VCID-t952-ghnf-jkby
55
vulnerability VCID-u9q1-63gf-7feh
56
vulnerability VCID-ud73-4t2c-n3at
57
vulnerability VCID-vdpf-jddk-syda
58
vulnerability VCID-vgq9-s6th-yufg
59
vulnerability VCID-wa3g-27sx-mbcw
60
vulnerability VCID-wch3-d92x-sudf
61
vulnerability VCID-whgc-pt2s-77ar
62
vulnerability VCID-wnxx-rc7w-cke4
63
vulnerability VCID-x61x-6b6k-h3bn
64
vulnerability VCID-xcmd-18ck-gqae
65
vulnerability VCID-ynt9-h6ww-h7e9
66
vulnerability VCID-yreb-z7nz-jkbs
67
vulnerability VCID-yuda-1mur-8bbq
68
vulnerability VCID-z4x1-e7tp-rqhz
69
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.10.7-2%252Bdeb9u9
1
url pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
purl pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4cp2-k4mn-8ffj
3
vulnerability VCID-4kcg-gx5y-cuaw
4
vulnerability VCID-4tyd-97z5-z3ar
5
vulnerability VCID-4z4e-8ttu-tyd6
6
vulnerability VCID-51tx-4tp9-kbcz
7
vulnerability VCID-5q58-pzt4-8uey
8
vulnerability VCID-5xtt-au84-zbb2
9
vulnerability VCID-6jpg-yrf8-cufy
10
vulnerability VCID-9end-mq19-rke5
11
vulnerability VCID-9kvc-1bdz-n3bd
12
vulnerability VCID-9mpt-zxaw-kkeg
13
vulnerability VCID-attf-6gj8-ebaj
14
vulnerability VCID-au8h-vj9k-pufv
15
vulnerability VCID-bb8b-hq41-s7a6
16
vulnerability VCID-c3m7-fu62-2qd9
17
vulnerability VCID-drwp-htkk-bkfh
18
vulnerability VCID-e12b-tw2c-53c9
19
vulnerability VCID-e8j6-mybr-17fh
20
vulnerability VCID-f4a7-tcz5-byfj
21
vulnerability VCID-fcg9-xypn-ykhf
22
vulnerability VCID-fhp8-tck4-mye4
23
vulnerability VCID-fksk-pr23-2yd8
24
vulnerability VCID-fsaw-3ta1-x3dw
25
vulnerability VCID-g44a-m54u-97cr
26
vulnerability VCID-gfar-wbzc-3ubr
27
vulnerability VCID-hh9b-52xn-z7a9
28
vulnerability VCID-j81e-su1y-tqa6
29
vulnerability VCID-jgv9-vdbm-sycd
30
vulnerability VCID-jybd-p65h-xffy
31
vulnerability VCID-m1dr-sjmw-jfd2
32
vulnerability VCID-m33h-4p9q-63fb
33
vulnerability VCID-m4wa-xv9b-q7ce
34
vulnerability VCID-n2v7-jqjy-37bc
35
vulnerability VCID-n9vn-4uxr-hkau
36
vulnerability VCID-na9w-xkvx-cbhd
37
vulnerability VCID-nss9-1yrb-x7f2
38
vulnerability VCID-pa7y-gpwp-6qgj
39
vulnerability VCID-pgtx-cdua-kfb4
40
vulnerability VCID-q8r2-m9s6-rbek
41
vulnerability VCID-qgp1-4efd-6yg6
42
vulnerability VCID-qvfs-2v1h-p3h4
43
vulnerability VCID-qy1a-x3ff-4bc8
44
vulnerability VCID-s1rj-1xbw-fbg5
45
vulnerability VCID-shch-yusm-1uck
46
vulnerability VCID-shjc-2j68-2yfy
47
vulnerability VCID-u9q1-63gf-7feh
48
vulnerability VCID-ud73-4t2c-n3at
49
vulnerability VCID-vdpf-jddk-syda
50
vulnerability VCID-vgq9-s6th-yufg
51
vulnerability VCID-wa3g-27sx-mbcw
52
vulnerability VCID-whgc-pt2s-77ar
53
vulnerability VCID-wnxx-rc7w-cke4
54
vulnerability VCID-xcmd-18ck-gqae
55
vulnerability VCID-ynt9-h6ww-h7e9
56
vulnerability VCID-yreb-z7nz-jkbs
57
vulnerability VCID-yuda-1mur-8bbq
58
vulnerability VCID-z4x1-e7tp-rqhz
59
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2as8-7qx6-2kba
1
vulnerability VCID-4gpn-bf2d-ybfb
2
vulnerability VCID-55xg-pw9n-zkdy
3
vulnerability VCID-9gq3-whr8-s7b8
4
vulnerability VCID-abpe-htm1-9ubp
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fsz5-dkw2-hyap
7
vulnerability VCID-fxuu-kk52-r7ch
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-hsjn-xnpp-5yeh
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-rqqc-ta7c-ykgx
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-w777-44ns-cybg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2
aliases BIT-django-2024-24680, CVE-2024-24680, GHSA-xxj9-f6rv-m3x4, PYSEC-2024-28
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuda-1mur-8bbq
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@1:1.11.29-1~deb10u1