| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-1fs3-2msx-9kev |
| vulnerability_id |
VCID-1fs3-2msx-9kev |
| summary |
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14574 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91782 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91775 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91763 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.9175 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91755 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91783 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91788 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91785 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.07477 |
| scoring_system |
epss |
| scoring_elements |
0.91741 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14574 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/advisories/GHSA-5hg3-6c2f-f3wr |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-5hg3-6c2f-f3wr |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://usn.ubuntu.com/3726-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3726-1 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.15 |
| purl |
pkg:pypi/django@1.11.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 10 |
| vulnerability |
VCID-be38-bevp-y7ae |
|
| 11 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 14 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 15 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 16 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 17 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 18 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 19 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 20 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 23 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 24 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 25 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 26 |
| vulnerability |
VCID-xne6-9e55-uued |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.15 |
|
| 1 |
| url |
pkg:pypi/django@2.0.8 |
| purl |
pkg:pypi/django@2.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3s9f-prpy-hbcx |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 11 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 12 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 13 |
| vulnerability |
VCID-xne6-9e55-uued |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.8 |
|
|
| aliases |
CVE-2018-14574, GHSA-5hg3-6c2f-f3wr, PYSEC-2018-2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1fs3-2msx-9kev |
|
| 1 |
| url |
VCID-1v22-g646-wbay |
| vulnerability_id |
VCID-1v22-g646-wbay |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14235 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89115 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89112 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89098 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89089 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89143 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89145 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89148 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89138 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89132 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14235 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 7 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 10 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 6 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 8 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 9 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 13 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 14 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 15 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 16 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 17 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 20 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 21 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 22 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 23 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 24 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 27 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 28 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 29 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 30 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
CVE-2019-14235, GHSA-v9qg-3j8p-r63v, PYSEC-2019-14
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1v22-g646-wbay |
|
| 2 |
| url |
VCID-2zb9-27sm-3kgh |
| vulnerability_id |
VCID-2zb9-27sm-3kgh |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14232 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86583 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86646 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86655 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86642 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86632 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86613 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86594 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.03026 |
| scoring_system |
epss |
| scoring_elements |
0.86653 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14232 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 46 |
| reference_url |
https://security.gentoo.org/glsa/202004-17 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://security.gentoo.org/glsa/202004-17 |
|
| 47 |
|
| 48 |
|
| 49 |
| reference_url |
https://www.debian.org/security/2019/dsa-4498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T18:04:48Z/ |
|
|
| url |
https://www.debian.org/security/2019/dsa-4498 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 7 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 10 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 6 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 8 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 9 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 13 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 14 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 15 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 16 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 17 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 20 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 21 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 22 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 23 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 24 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 27 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 28 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 29 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 30 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
CVE-2019-14232, GHSA-c4qh-4vgv-qc6g, PYSEC-2019-11
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2zb9-27sm-3kgh |
|
| 3 |
| url |
VCID-56na-n4w5-8fak |
| vulnerability_id |
VCID-56na-n4w5-8fak |
| summary |
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12308 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80773 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80752 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80743 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.808 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80808 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80822 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80806 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.80798 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01454 |
| scoring_system |
epss |
| scoring_elements |
0.8077 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12308 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://github.com/advisories/GHSA-7rp2-fm2h-wchj |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-7rp2-fm2h-wchj |
|
| 17 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://seclists.org/bugtraq/2019/Jul/10 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Jul/10 |
|
| 28 |
|
| 29 |
| reference_url |
https://usn.ubuntu.com/4043-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4043-1 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.21 |
| purl |
pkg:pypi/django@1.11.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 11 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 12 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 13 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 14 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 15 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 20 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21 |
|
| 1 |
| url |
pkg:pypi/django@2.1.9 |
| purl |
pkg:pypi/django@2.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 9 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 10 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 13 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 14 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 15 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 16 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 17 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9 |
|
| 2 |
| url |
pkg:pypi/django@2.2.2 |
| purl |
pkg:pypi/django@2.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 11 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 12 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 13 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 16 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 17 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 18 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 19 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 20 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 21 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 22 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 23 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 24 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 25 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 26 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 27 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 28 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 29 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 30 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 31 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 32 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 33 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 34 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 35 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 36 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 37 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 38 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 39 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 40 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2 |
|
|
| aliases |
CVE-2019-12308, GHSA-7rp2-fm2h-wchj, PYSEC-2019-79
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-56na-n4w5-8fak |
|
| 4 |
| url |
VCID-6gss-ppm5-3yc9 |
| vulnerability_id |
VCID-6gss-ppm5-3yc9 |
| summary |
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36359 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73852 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73865 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73873 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73828 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73892 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.7387 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73857 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00789 |
| scoring_system |
epss |
| scoring_elements |
0.73823 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-36359 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@3.2.15 |
| purl |
pkg:pypi/django@3.2.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 3 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 7 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 11 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 14 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.15 |
|
| 1 |
| url |
pkg:pypi/django@4.0.7 |
| purl |
pkg:pypi/django@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 7 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 8 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 9 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.7 |
|
|
| aliases |
BIT-django-2022-36359, CVE-2022-36359, GHSA-8x94-hmjh-97hq, PYSEC-2022-245
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6gss-ppm5-3yc9 |
|
| 5 |
| url |
VCID-6xs7-fpvj-mbbw |
| vulnerability_id |
VCID-6xs7-fpvj-mbbw |
| summary |
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.22 |
| purl |
pkg:pypi/django@1.11.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 8 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 9 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 10 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 11 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 12 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 13 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 14 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 15 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 18 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22 |
|
| 1 |
| url |
pkg:pypi/django@2.1.10 |
| purl |
pkg:pypi/django@2.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 8 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 9 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 12 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 13 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 14 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 15 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10 |
|
| 2 |
| url |
pkg:pypi/django@2.2.3 |
| purl |
pkg:pypi/django@2.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 7 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 10 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 11 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 12 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 15 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 16 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 17 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 18 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 19 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 20 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 21 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 22 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 23 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 24 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 25 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 26 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 27 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 28 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 29 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 30 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 31 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 32 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 33 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 34 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 35 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 36 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 37 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 38 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3 |
|
|
| aliases |
PYSEC-2019-80
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6xs7-fpvj-mbbw |
|
| 6 |
| url |
VCID-84mm-45p6-xkau |
| vulnerability_id |
VCID-84mm-45p6-xkau |
| summary |
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64458 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05432 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05438 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05452 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.0548 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05424 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05417 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.0002 |
| scoring_system |
epss |
| scoring_elements |
0.05459 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07235 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64458 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 3 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 4 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 5 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 6 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
CVE-2025-64458, GHSA-qw25-v68c-qjf3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84mm-45p6-xkau |
|
| 7 |
| url |
VCID-896g-hqec-ryb9 |
| vulnerability_id |
VCID-896g-hqec-ryb9 |
| summary |
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61428 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61446 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.6146 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61439 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61423 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61377 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61407 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00411 |
| scoring_system |
epss |
| scoring_elements |
0.61378 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48432 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://groups.google.com/g/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 1 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/ |
|
|
| url |
https://groups.google.com/g/django-announce |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.22 |
| purl |
pkg:pypi/django@4.2.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.2 |
| purl |
pkg:pypi/django@5.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 14 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2 |
|
|
| aliases |
BIT-django-2025-48432, CVE-2025-48432, GHSA-7xr5-9hcq-chf9, PYSEC-2025-47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-896g-hqec-ryb9 |
|
| 8 |
| url |
VCID-8jaq-53td-wbeg |
| vulnerability_id |
VCID-8jaq-53td-wbeg |
| summary |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19844 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94298 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9433 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94329 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94328 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94289 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94324 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9432 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.9431 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.13973 |
| scoring_system |
epss |
| scoring_elements |
0.94309 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19844 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-vfq6-hq5r-27r6 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://seclists.org/bugtraq/2020/Jan/9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Jan/9 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://usn.ubuntu.com/4224-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4224-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 9 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 10 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 11 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 12 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 13 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 14 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 15 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 16 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 17 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 18 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 19 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 20 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 24 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 25 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 26 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
| 2 |
| url |
pkg:pypi/django@3.0.1 |
| purl |
pkg:pypi/django@3.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-gan1-9gwu-63d2 |
|
| 8 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 9 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 10 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 11 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 12 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 13 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 14 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 15 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 18 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 19 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.1 |
|
|
| aliases |
CVE-2019-19844, GHSA-vfq6-hq5r-27r6, PYSEC-2019-16
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8jaq-53td-wbeg |
|
| 9 |
| url |
VCID-9uzd-mmyv-mfh4 |
| vulnerability_id |
VCID-9uzd-mmyv-mfh4 |
| summary |
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00191 |
| scoring_system |
epss |
| scoring_elements |
0.41087 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68804 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68818 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68795 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68776 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68724 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68747 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00576 |
| scoring_system |
epss |
| scoring_elements |
0.68774 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64459 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.8 |
| purl |
pkg:pypi/django@5.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 3 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 4 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 5 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 6 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 7 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 8 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 9 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8 |
|
| 3 |
|
|
| aliases |
CVE-2025-64459, GHSA-frmv-pr5f-9mcr
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| url |
VCID-a8zx-jamf-cfcm |
| vulnerability_id |
VCID-a8zx-jamf-cfcm |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14234 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95344 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95346 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95339 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95335 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.19114 |
| scoring_system |
epss |
| scoring_elements |
0.95328 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.1952 |
| scoring_system |
epss |
| scoring_elements |
0.95382 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.1952 |
| scoring_system |
epss |
| scoring_elements |
0.95376 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.1952 |
| scoring_system |
epss |
| scoring_elements |
0.95367 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14234 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/advisories/GHSA-6r97-cj55-9hrq |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-6r97-cj55-9hrq |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 7 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 10 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 6 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 8 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 9 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 13 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 14 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 15 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 16 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 17 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 20 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 21 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 22 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 23 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 24 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 27 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 28 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 29 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 30 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
CVE-2019-14234, GHSA-6r97-cj55-9hrq, PYSEC-2019-13
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a8zx-jamf-cfcm |
|
| 11 |
| url |
VCID-be38-bevp-y7ae |
| vulnerability_id |
VCID-be38-bevp-y7ae |
| summary |
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.21 |
| purl |
pkg:pypi/django@1.11.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 9 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 10 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 11 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 12 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 13 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 14 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 15 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 20 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.21 |
|
| 1 |
| url |
pkg:pypi/django@2.1.9 |
| purl |
pkg:pypi/django@2.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 9 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 10 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 13 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 14 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 15 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 16 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 17 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.9 |
|
| 2 |
| url |
pkg:pypi/django@2.2.2 |
| purl |
pkg:pypi/django@2.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 11 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 12 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 13 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 16 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 17 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 18 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 19 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 20 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 21 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 22 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 23 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 24 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 25 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 26 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 27 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 28 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 29 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 30 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 31 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 32 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 33 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 34 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 35 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 36 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 37 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 38 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 39 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 40 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.2 |
|
|
| aliases |
PYSEC-2019-9
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-be38-bevp-y7ae |
|
| 12 |
| url |
VCID-c3ne-nkd9-pug8 |
| vulnerability_id |
VCID-c3ne-nkd9-pug8 |
| summary |
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@2.1.7 |
| purl |
pkg:pypi/django@2.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-3s9f-prpy-hbcx |
|
| 3 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 11 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 12 |
| vulnerability |
VCID-be38-bevp-y7ae |
|
| 13 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 16 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 17 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 18 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 19 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 20 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 21 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 22 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 23 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.7 |
|
|
| aliases |
PYSEC-2019-88
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c3ne-nkd9-pug8 |
|
| 13 |
| url |
VCID-e2jd-yd4j-kqgt |
| vulnerability_id |
VCID-e2jd-yd4j-kqgt |
| summary |
Django allows enumeration of user e-mail addresses
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46361 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.4635 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46331 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46379 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46355 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46299 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46351 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-45231 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
https://groups.google.com/forum/#%21forum/django-announce |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/ |
|
|
| url |
https://groups.google.com/forum/#%21forum/django-announce |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.16 |
| purl |
pkg:pypi/django@4.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 6 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 7 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 8 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 9 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 10 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 11 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 12 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 13 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 14 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 15 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 16 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 17 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 19 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 20 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
| 21 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16 |
|
| 1 |
| url |
pkg:pypi/django@5.0.9 |
| purl |
pkg:pypi/django@5.0.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 4 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 5 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 6 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 7 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 8 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 9 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9 |
|
| 2 |
| url |
pkg:pypi/django@5.1.1 |
| purl |
pkg:pypi/django@5.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3sac-ah8j-pucd |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9abh-apwm-ebab |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 6 |
| vulnerability |
VCID-e87q-1j8h-93hh |
|
| 7 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 8 |
| vulnerability |
VCID-p9fd-1qx2-8ubc |
|
| 9 |
| vulnerability |
VCID-rmdp-bnjj-zuf2 |
|
| 10 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 11 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-wwa5-mhgu-9khz |
|
| 14 |
| vulnerability |
VCID-xgv1-s2ek-q3dp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1 |
|
|
| aliases |
CVE-2024-45231, GHSA-rrqc-c2jx-6jgv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e2jd-yd4j-kqgt |
|
| 14 |
| url |
VCID-f7dh-ahya-hfar |
| vulnerability_id |
VCID-f7dh-ahya-hfar |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 7 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 10 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 6 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 8 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 9 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 13 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 14 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 15 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 16 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 17 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 20 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 21 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 22 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 23 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 24 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 27 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 28 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 29 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 30 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
PYSEC-2019-84
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f7dh-ahya-hfar |
|
| 15 |
| url |
VCID-hpg4-c6bk-s7c7 |
| vulnerability_id |
VCID-hpg4-c6bk-s7c7 |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 7 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 10 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 6 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 8 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 9 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 13 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 14 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 15 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 16 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 17 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 20 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 21 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 22 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 23 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 24 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 27 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 28 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 29 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 30 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
PYSEC-2019-82
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hpg4-c6bk-s7c7 |
|
| 16 |
| url |
VCID-jae8-w85w-cyfu |
| vulnerability_id |
VCID-jae8-w85w-cyfu |
| summary |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7537 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83885 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83884 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83915 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83854 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83922 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83926 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83932 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83868 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.02064 |
| scoring_system |
epss |
| scoring_elements |
0.83909 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7537 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://usn.ubuntu.com/3591-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3591-1 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.11 |
| purl |
pkg:pypi/django@1.11.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 3 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 11 |
| vulnerability |
VCID-be38-bevp-y7ae |
|
| 12 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 15 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 16 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 17 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 18 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 19 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 20 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 24 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 25 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 26 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 27 |
| vulnerability |
VCID-xne6-9e55-uued |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11 |
|
| 1 |
| url |
pkg:pypi/django@2.0.3 |
| purl |
pkg:pypi/django@2.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-3s9f-prpy-hbcx |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 8 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 9 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 10 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 11 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 12 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 13 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 14 |
| vulnerability |
VCID-xne6-9e55-uued |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3 |
|
|
| aliases |
CVE-2018-7537, GHSA-2f9x-5v75-3qv4, PYSEC-2018-6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jae8-w85w-cyfu |
|
| 17 |
| url |
VCID-jtru-9jmz-kkek |
| vulnerability_id |
VCID-jtru-9jmz-kkek |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14233 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89115 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89112 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89098 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89089 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89143 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89145 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89148 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89138 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.04511 |
| scoring_system |
epss |
| scoring_elements |
0.89132 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14233 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://seclists.org/bugtraq/2019/Aug/15 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Aug/15 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 7 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 10 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 6 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 8 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 9 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 13 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 14 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 15 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 16 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 17 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 20 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 21 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 22 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 23 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 24 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 27 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 28 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 29 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 30 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
CVE-2019-14233, GHSA-h5jv-4p7w-64jg, PYSEC-2019-12
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jtru-9jmz-kkek |
|
| 18 |
| url |
VCID-k114-8z8u-2qh1 |
| vulnerability_id |
VCID-k114-8z8u-2qh1 |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 7 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 10 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 6 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 8 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 9 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 13 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 14 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 15 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 16 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 17 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 20 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 21 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 22 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 23 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 24 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 27 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 28 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 29 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 30 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
PYSEC-2019-81
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k114-8z8u-2qh1 |
|
| 19 |
| url |
VCID-mjsc-w5v5-t7cg |
| vulnerability_id |
VCID-mjsc-w5v5-t7cg |
| summary |
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.23 |
| purl |
pkg:pypi/django@1.11.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 7 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 8 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 9 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 10 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.23 |
|
| 1 |
| url |
pkg:pypi/django@2.1.11 |
| purl |
pkg:pypi/django@2.1.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 6 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.11 |
|
| 2 |
| url |
pkg:pypi/django@2.2.4 |
| purl |
pkg:pypi/django@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 8 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 9 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 12 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 13 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 14 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 15 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 16 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 17 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 20 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 21 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 22 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 23 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 24 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 25 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 26 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 27 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 28 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 29 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 30 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.4 |
|
|
| aliases |
PYSEC-2019-83
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mjsc-w5v5-t7cg |
|
| 20 |
| url |
VCID-mv1p-yxvp-pbh6 |
| vulnerability_id |
VCID-mv1p-yxvp-pbh6 |
| summary |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7536 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80172 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80188 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80216 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80226 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80199 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80179 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80244 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.8023 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01372 |
| scoring_system |
epss |
| scoring_elements |
0.80224 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-7536 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/advisories/GHSA-r28v-mw67-m5p9 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-r28v-mw67-m5p9 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://usn.ubuntu.com/3591-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3591-1 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.11 |
| purl |
pkg:pypi/django@1.11.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 2 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 3 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 11 |
| vulnerability |
VCID-be38-bevp-y7ae |
|
| 12 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 15 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 16 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 17 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 18 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 19 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 20 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 24 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 25 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 26 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 27 |
| vulnerability |
VCID-xne6-9e55-uued |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.11 |
|
| 1 |
| url |
pkg:pypi/django@2.0.3 |
| purl |
pkg:pypi/django@2.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fs3-2msx-9kev |
|
| 1 |
| vulnerability |
VCID-3s9f-prpy-hbcx |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 8 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 9 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 10 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 11 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 12 |
| vulnerability |
VCID-x664-bfna-6qdv |
|
| 13 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
| 14 |
| vulnerability |
VCID-xne6-9e55-uued |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.3 |
|
|
| aliases |
CVE-2018-7536, GHSA-r28v-mw67-m5p9, PYSEC-2018-5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mv1p-yxvp-pbh6 |
|
| 21 |
| url |
VCID-qjez-qe32-e3b6 |
| vulnerability_id |
VCID-qjez-qe32-e3b6 |
| summary |
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12781 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88249 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88282 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88291 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88279 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88273 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88254 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88226 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.03901 |
| scoring_system |
epss |
| scoring_elements |
0.88234 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12781 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/advisories/GHSA-6c7v-2f49-8h26 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-6c7v-2f49-8h26 |
|
| 11 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://seclists.org/bugtraq/2019/Jul/10 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Jul/10 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4043-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4043-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.22 |
| purl |
pkg:pypi/django@1.11.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 8 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 9 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 10 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 11 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 12 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 13 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 14 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 15 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 16 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 17 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 18 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.22 |
|
| 1 |
| url |
pkg:pypi/django@2.1.10 |
| purl |
pkg:pypi/django@2.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 3 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 4 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 5 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 6 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 7 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 8 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 9 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 10 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 11 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 12 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 13 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 14 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 15 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 16 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 17 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 18 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.10 |
|
| 2 |
| url |
pkg:pypi/django@2.2.3 |
| purl |
pkg:pypi/django@2.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 5 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 6 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 7 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 10 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 11 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 12 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 13 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 14 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 15 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 16 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 17 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 18 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 19 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 20 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 21 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 22 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 23 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 24 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 25 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 26 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 27 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 28 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 29 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 30 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 31 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 32 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 33 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 34 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 35 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 36 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 37 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 38 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.3 |
|
|
| aliases |
CVE-2019-12781, GHSA-6c7v-2f49-8h26, PYSEC-2019-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qjez-qe32-e3b6 |
|
| 22 |
| url |
VCID-qm34-ec8s-tfd7 |
| vulnerability_id |
VCID-qm34-ec8s-tfd7 |
| summary |
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33203 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55629 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55646 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55666 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55657 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55654 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55489 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55603 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55625 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.556 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-33203 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-68w8-qjq3-2gfm |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-68w8-qjq3-2gfm |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@2.2.24 |
| purl |
pkg:pypi/django@2.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 6 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 7 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 8 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 9 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 10 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 11 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 12 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 13 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@3.2.4 |
| purl |
pkg:pypi/django@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-42x9-8c3c-bug1 |
|
| 1 |
| vulnerability |
VCID-4ztz-fq98-5fh1 |
|
| 2 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-78r4-85ms-63hm |
|
| 5 |
| vulnerability |
VCID-7tca-pgcs-cuhd |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8m4b-y4va-kqgm |
|
| 9 |
| vulnerability |
VCID-8xgs-8xjr-cber |
|
| 10 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-gan1-9gwu-63d2 |
|
| 13 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 14 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 15 |
| vulnerability |
VCID-jh1e-72hp-fuf4 |
|
| 16 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 17 |
| vulnerability |
VCID-nese-5485-hkbs |
|
| 18 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 19 |
| vulnerability |
VCID-t6uc-dfrd-jyfg |
|
| 20 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 21 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-wz1q-1tjp-4qhw |
|
| 24 |
| vulnerability |
VCID-ypub-ukuh-p3aw |
|
| 25 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4 |
|
|
| aliases |
BIT-django-2021-33203, CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qm34-ec8s-tfd7 |
|
| 23 |
| url |
VCID-w2dv-u8h6-sbgs |
| vulnerability_id |
VCID-w2dv-u8h6-sbgs |
| summary |
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7471 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92785 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92805 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.928 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92796 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92786 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.9279 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92778 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.09442 |
| scoring_system |
epss |
| scoring_elements |
0.92804 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7471 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hmr4-m2h5-33qx |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://seclists.org/bugtraq/2020/Feb/30 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2020/Feb/30 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://usn.ubuntu.com/4264-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4264-1 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.10 |
| purl |
pkg:pypi/django@2.2.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 9 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 10 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 11 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 12 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 13 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 14 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 15 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 16 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 17 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 18 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 19 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 20 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 23 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 24 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 25 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.10 |
|
| 2 |
| url |
pkg:pypi/django@3.0.3 |
| purl |
pkg:pypi/django@3.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-gan1-9gwu-63d2 |
|
| 8 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 9 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 10 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 11 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 12 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 13 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 14 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 15 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 16 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 17 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 18 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.3 |
|
|
| aliases |
BIT-django-2020-7471, CVE-2020-7471, GHSA-hmr4-m2h5-33qx, PYSEC-2020-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w2dv-u8h6-sbgs |
|
| 24 |
| url |
VCID-w4pr-k5nj-ckgy |
| vulnerability_id |
VCID-w4pr-k5nj-ckgy |
| summary |
Django is subject to SQL injection through its column aliases
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias(). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05586 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05593 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05603 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05631 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05868 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05828 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05834 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.05798 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-57833 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@4.2.24 |
| purl |
pkg:pypi/django@4.2.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/django@5.2.6 |
| purl |
pkg:pypi/django@5.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-28g3-ubx6-ebff |
|
| 1 |
| vulnerability |
VCID-2tfv-rtq7-2fg9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-8qu1-45n9-gyb1 |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-ac4c-321h-tqfk |
|
| 6 |
| vulnerability |
VCID-c6xy-v4sf-u3hn |
|
| 7 |
| vulnerability |
VCID-e9k9-1s9f-dbgv |
|
| 8 |
| vulnerability |
VCID-msge-1mfu-7qfa |
|
| 9 |
| vulnerability |
VCID-mux4-uv98-hbbw |
|
| 10 |
| vulnerability |
VCID-nda7-9219-6kce |
|
| 11 |
| vulnerability |
VCID-ukkt-wgau-t3et |
|
| 12 |
| vulnerability |
VCID-vwt9-q3dt-vbfg |
|
| 13 |
| vulnerability |
VCID-ysyp-h7ja-yff3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6 |
|
|
| aliases |
CVE-2025-57833, GHSA-6w2r-r2m5-xq5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pr-k5nj-ckgy |
|
| 25 |
| url |
VCID-wb34-g6xq-rkfx |
| vulnerability_id |
VCID-wb34-g6xq-rkfx |
| summary |
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-9402 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99366 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.9937 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99369 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99368 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99363 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99364 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.85514 |
| scoring_system |
epss |
| scoring_elements |
0.99371 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-9402 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4296-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4296-1 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.11 |
| purl |
pkg:pypi/django@2.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 9 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 10 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 11 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 12 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 13 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 14 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 15 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 16 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 17 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 18 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 19 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 20 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 23 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 24 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.11 |
|
| 2 |
| url |
pkg:pypi/django@3.0.4 |
| purl |
pkg:pypi/django@3.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 1 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 2 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 3 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 4 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 5 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 6 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 7 |
| vulnerability |
VCID-gan1-9gwu-63d2 |
|
| 8 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 9 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 10 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 11 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 12 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 13 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 14 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 15 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 16 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 17 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.0.4 |
|
|
| aliases |
BIT-django-2020-9402, CVE-2020-9402, GHSA-3gh2-xw74-jmcw, PYSEC-2020-36
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wb34-g6xq-rkfx |
|
| 26 |
| url |
VCID-x516-xwze-6ba3 |
| vulnerability_id |
VCID-x516-xwze-6ba3 |
| summary |
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@2.2.9 |
| purl |
pkg:pypi/django@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-66w1-4zku-gyfp |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-9k9t-vp1a-z7bt |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-c8s7-3g9m-d3cw |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-gp5e-nguh-5fdk |
|
| 9 |
| vulnerability |
VCID-hwa2-n7a2-pyg1 |
|
| 10 |
| vulnerability |
VCID-j4br-4y39-s3gs |
|
| 11 |
| vulnerability |
VCID-kypj-ptb9-8qhz |
|
| 12 |
| vulnerability |
VCID-mmay-juu6-5ua9 |
|
| 13 |
| vulnerability |
VCID-mzdk-m12w-q3fc |
|
| 14 |
| vulnerability |
VCID-pa75-6avj-duf7 |
|
| 15 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 16 |
| vulnerability |
VCID-th9v-dk98-3kea |
|
| 17 |
| vulnerability |
VCID-u7m5-tzv2-c7hn |
|
| 18 |
| vulnerability |
VCID-ume2-wt6y-jye7 |
|
| 19 |
| vulnerability |
VCID-upy5-adtx-n7hg |
|
| 20 |
| vulnerability |
VCID-v4ad-xxy8-wfc9 |
|
| 21 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 22 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 23 |
| vulnerability |
VCID-w6k8-js68-87g4 |
|
| 24 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 25 |
| vulnerability |
VCID-wkrc-62bd-bbgx |
|
| 26 |
| vulnerability |
VCID-z8z1-cjee-kfeg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9 |
|
|
| aliases |
PYSEC-2019-86
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x516-xwze-6ba3 |
|
| 27 |
| url |
VCID-x664-bfna-6qdv |
| vulnerability_id |
VCID-x664-bfna-6qdv |
| summary |
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-3498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.8071 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80718 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80732 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80715 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80652 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80682 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.8066 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80706 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01439 |
| scoring_system |
epss |
| scoring_elements |
0.80677 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-3498 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://usn.ubuntu.com/3851-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3851-1 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-3498 |
| reference_id |
CVE-2019-3498 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 2 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 3 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 4 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-3498 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.18 |
| purl |
pkg:pypi/django@1.11.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 10 |
| vulnerability |
VCID-be38-bevp-y7ae |
|
| 11 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 14 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 15 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 16 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 17 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 18 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 19 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 20 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 23 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 24 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18 |
|
| 1 |
| url |
pkg:pypi/django@2.0.10 |
| purl |
pkg:pypi/django@2.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3s9f-prpy-hbcx |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 11 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10 |
|
| 2 |
| url |
pkg:pypi/django@2.1.5 |
| purl |
pkg:pypi/django@2.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-3s9f-prpy-hbcx |
|
| 3 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 11 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 12 |
| vulnerability |
VCID-be38-bevp-y7ae |
|
| 13 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 14 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 15 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 16 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 17 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 18 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 19 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 20 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 21 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 22 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 23 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 24 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 25 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5 |
|
|
| aliases |
CVE-2019-3498, GHSA-337x-4q8g-prc5, PYSEC-2019-17
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x664-bfna-6qdv |
|
| 28 |
| url |
VCID-xaqg-mhqa-7keg |
| vulnerability_id |
VCID-xaqg-mhqa-7keg |
| summary |
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6975 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95194 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95219 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95211 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95207 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95206 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95231 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95228 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.18399 |
| scoring_system |
epss |
| scoring_elements |
0.95222 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-6975 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/django/django |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/django/django |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://seclists.org/bugtraq/2019/Jul/10 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://seclists.org/bugtraq/2019/Jul/10 |
|
| 23 |
| reference_url |
https://usn.ubuntu.com/3890-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/3890-1 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-6975 |
| reference_id |
CVE-2019-6975 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 3 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 4 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-6975 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/django@1.11.20 |
| purl |
pkg:pypi/django@1.11.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 10 |
| vulnerability |
VCID-be38-bevp-y7ae |
|
| 11 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 12 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 13 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 14 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 15 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 16 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 17 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 18 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 19 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 20 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 21 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 22 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.20 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| url |
pkg:pypi/django@2.1.7 |
| purl |
pkg:pypi/django@2.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-3s9f-prpy-hbcx |
|
| 3 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 11 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 12 |
| vulnerability |
VCID-be38-bevp-y7ae |
|
| 13 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 14 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 15 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 16 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 17 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 18 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 19 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 20 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 21 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 22 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 23 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.7 |
|
|
| aliases |
CVE-2019-6975, GHSA-wh4h-v3f2-r2pp, PYSEC-2019-18
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xaqg-mhqa-7keg |
|
| 29 |
| url |
VCID-xne6-9e55-uued |
| vulnerability_id |
VCID-xne6-9e55-uued |
| summary |
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/django@1.11.18 |
| purl |
pkg:pypi/django@1.11.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 3 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 4 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 5 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 6 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 7 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 8 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 9 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 10 |
| vulnerability |
VCID-be38-bevp-y7ae |
|
| 11 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 12 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 13 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 14 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 15 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 16 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 17 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 18 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 19 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 20 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 21 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 22 |
| vulnerability |
VCID-wb34-g6xq-rkfx |
|
| 23 |
| vulnerability |
VCID-x516-xwze-6ba3 |
|
| 24 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.18 |
|
| 1 |
| url |
pkg:pypi/django@2.0.10 |
| purl |
pkg:pypi/django@2.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3s9f-prpy-hbcx |
|
| 1 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 2 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 3 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 4 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 5 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 6 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 7 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 8 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 9 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 10 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 11 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.0.10 |
|
| 2 |
| url |
pkg:pypi/django@2.1.5 |
| purl |
pkg:pypi/django@2.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1v22-g646-wbay |
|
| 1 |
| vulnerability |
VCID-2zb9-27sm-3kgh |
|
| 2 |
| vulnerability |
VCID-3s9f-prpy-hbcx |
|
| 3 |
| vulnerability |
VCID-56na-n4w5-8fak |
|
| 4 |
| vulnerability |
VCID-6gss-ppm5-3yc9 |
|
| 5 |
| vulnerability |
VCID-6xs7-fpvj-mbbw |
|
| 6 |
| vulnerability |
VCID-84mm-45p6-xkau |
|
| 7 |
| vulnerability |
VCID-896g-hqec-ryb9 |
|
| 8 |
| vulnerability |
VCID-8jaq-53td-wbeg |
|
| 9 |
| vulnerability |
VCID-9uzd-mmyv-mfh4 |
|
| 10 |
| vulnerability |
VCID-a8zx-jamf-cfcm |
|
| 11 |
| vulnerability |
VCID-b2ds-36xh-zfhp |
|
| 12 |
| vulnerability |
VCID-be38-bevp-y7ae |
|
| 13 |
| vulnerability |
VCID-c2kc-1jh1-j3ha |
|
| 14 |
| vulnerability |
VCID-c3ne-nkd9-pug8 |
|
| 15 |
| vulnerability |
VCID-e2jd-yd4j-kqgt |
|
| 16 |
| vulnerability |
VCID-f7dh-ahya-hfar |
|
| 17 |
| vulnerability |
VCID-hpg4-c6bk-s7c7 |
|
| 18 |
| vulnerability |
VCID-jtru-9jmz-kkek |
|
| 19 |
| vulnerability |
VCID-k114-8z8u-2qh1 |
|
| 20 |
| vulnerability |
VCID-mjsc-w5v5-t7cg |
|
| 21 |
| vulnerability |
VCID-qjez-qe32-e3b6 |
|
| 22 |
| vulnerability |
VCID-qm34-ec8s-tfd7 |
|
| 23 |
| vulnerability |
VCID-w2dv-u8h6-sbgs |
|
| 24 |
| vulnerability |
VCID-w4pr-k5nj-ckgy |
|
| 25 |
| vulnerability |
VCID-xaqg-mhqa-7keg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.5 |
|
|
| aliases |
PYSEC-2019-87
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xne6-9e55-uued |
|
|