Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/64233?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/64233?format=api", "purl": "pkg:pypi/django@2.2.22", "type": "pypi", "namespace": "", "name": "django", "version": "2.2.22", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.2.30", "latest_non_vulnerable_version": "6.0.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11564?format=api", "vulnerability_id": "VCID-2sve-8b9b-hud7", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23833.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01058", "scoring_system": "epss", "scoring_elements": "0.78098", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01058", "scoring_system": "epss", "scoring_elements": "0.78031", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.0/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a" }, { "reference_url": "https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468" }, { "reference_url": "https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-20.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220221-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220221-0003" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5254", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5254" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752", "reference_id": "1004752", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048778", "reference_id": "2048778", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048778" }, { "reference_url": "https://security.archlinux.org/AVG-2808", "reference_id": "AVG-2808", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2808" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23833", "reference_id": "CVE-2022-23833", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23833" }, { "reference_url": "https://github.com/advisories/GHSA-6cw3-g6wv-c2xv", "reference_id": "GHSA-6cw3-g6wv-c2xv", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6cw3-g6wv-c2xv" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8853", "reference_id": "RHSA-2022:8853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8872", "reference_id": "RHSA-2022:8872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8872" }, { "reference_url": "https://usn.ubuntu.com/5269-1/", "reference_id": "USN-5269-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5269-1/" }, { "reference_url": "https://usn.ubuntu.com/5269-2/", "reference_id": "USN-5269-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5269-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18932?format=api", "purl": "pkg:pypi/django@2.2.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/18934?format=api", "purl": "pkg:pypi/django@3.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/18933?format=api", "purl": "pkg:pypi/django@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2" } ], "aliases": [ "BIT-django-2022-23833", "CVE-2022-23833", "GHSA-6cw3-g6wv-c2xv", "PYSEC-2022-20" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2sve-8b9b-hud7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10284?format=api", "vulnerability_id": "VCID-38w8-jbku-eugu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45452.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47282", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47141", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45452" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.0/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1" }, { "reference_url": "https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b" }, { "reference_url": "https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220121-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220121-0005" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/jan/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2022/jan/04/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113", "reference_id": "1003113", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037028", "reference_id": "2037028", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037028" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45452", "reference_id": "CVE-2021-45452", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45452" }, { "reference_url": "https://github.com/advisories/GHSA-jrh2-hc4r-7jwx", "reference_id": "GHSA-jrh2-hc4r-7jwx", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jrh2-hc4r-7jwx" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://usn.ubuntu.com/5204-1/", "reference_id": "USN-5204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18642?format=api", "purl": "pkg:pypi/django@2.2.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/18639?format=api", "purl": "pkg:pypi/django@3.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/18641?format=api", "purl": "pkg:pypi/django@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1" } ], "aliases": [ "BIT-django-2021-45452", "CVE-2021-45452", "GHSA-jrh2-hc4r-7jwx", "PYSEC-2022-3" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38w8-jbku-eugu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10276?format=api", "vulnerability_id": "VCID-6uja-brvn-rufw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45115.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.62157", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.62055", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45115" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.0/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277" }, { "reference_url": "https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20" }, { "reference_url": "https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/df79ef03ac867c93caaa6be56bc69e66abfeef8f" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-1.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220121-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220121-0005" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/jan/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2022/jan/04/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113", "reference_id": "1003113", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037024", "reference_id": "2037024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45115", "reference_id": "CVE-2021-45115", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45115" }, { "reference_url": "https://github.com/advisories/GHSA-53qw-q765-4fww", "reference_id": "GHSA-53qw-q765-4fww", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-53qw-q765-4fww" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://usn.ubuntu.com/5204-1/", "reference_id": "USN-5204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18642?format=api", "purl": "pkg:pypi/django@2.2.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/18639?format=api", "purl": "pkg:pypi/django@3.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/18641?format=api", "purl": "pkg:pypi/django@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1" } ], "aliases": [ "BIT-django-2021-45115", "CVE-2021-45115", "GHSA-53qw-q765-4fww", "PYSEC-2022-1" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6uja-brvn-rufw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90765?format=api", "vulnerability_id": "VCID-beas-dwx6-1ffp", "summary": "An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51956", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.52086", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85" }, { "reference_url": "https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4" }, { "reference_url": "https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b" }, { "reference_url": "https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241" }, { "reference_url": "https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-108.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-108.yaml" }, { "reference_url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139", "reference_id": "1120139", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651", "reference_id": "2412651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py", "reference_id": "CVE-2025-64459", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459", "reference_id": "CVE-2025-64459", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "django-announce", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://github.com/advisories/GHSA-frmv-pr5f-9mcr", "reference_id": "GHSA-frmv-pr5f-9mcr", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frmv-pr5f-9mcr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23069", "reference_id": "RHSA-2025:23069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23070", "reference_id": "RHSA-2025:23070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23130", "reference_id": "RHSA-2025:23130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23131", "reference_id": "RHSA-2025:23131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23133", "reference_id": "RHSA-2025:23133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23196", "reference_id": "RHSA-2025:23196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1596", "reference_id": "RHSA-2026:1596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1596" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "security", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-06T04:55:36Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7859-1/", "reference_id": "USN-7859-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7859-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35005?format=api", "purl": "pkg:pypi/django@4.2.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-dh5p-grha-r7a2" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-hb8n-gwz6-9yd9" }, { "vulnerability": "VCID-jdjc-ygtk-c7hv" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-q3sw-jd7p-1yg1" }, { "vulnerability": "VCID-r3dj-t213-jyhh" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" }, { "vulnerability": "VCID-zr7g-1xkm-fqdw" }, { "vulnerability": "VCID-zztc-4be5-fker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/35019?format=api", "purl": "pkg:pypi/django@5.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/35012?format=api", "purl": "pkg:pypi/django@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-1g9h-ryet-2ffs" }, { "vulnerability": "VCID-1mp4-kq35-1ba7" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-8tz7-vjwz-rycs" }, { "vulnerability": "VCID-dh5p-grha-r7a2" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-h5qf-zbcz-qygg" }, { "vulnerability": "VCID-hb8n-gwz6-9yd9" }, { "vulnerability": "VCID-jdjc-ygtk-c7hv" }, { "vulnerability": "VCID-m4mg-yd86-dyfw" }, { "vulnerability": "VCID-n915-wj16-wka6" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-q3sw-jd7p-1yg1" }, { "vulnerability": "VCID-r3dj-t213-jyhh" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" }, { "vulnerability": "VCID-tvk1-4am9-f3cf" }, { "vulnerability": "VCID-z7sj-r61n-qbcd" }, { "vulnerability": "VCID-zr7g-1xkm-fqdw" }, { "vulnerability": "VCID-zztc-4be5-fker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/38619?format=api", "purl": "pkg:pypi/django@6.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0a1" } ], "aliases": [ "BIT-django-2025-64459", "CVE-2025-64459", "GHSA-frmv-pr5f-9mcr", "PYSEC-2025-108" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-beas-dwx6-1ffp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11449?format=api", "vulnerability_id": "VCID-cece-1mun-ckgh", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22818.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22818.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22818", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68624", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68535", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.0/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5" }, { "reference_url": "https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2" }, { "reference_url": "https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220221-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220221-0003" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5254", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5254" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2022/feb/01/security-releases/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752", "reference_id": "1004752", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048775", "reference_id": "2048775", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048775" }, { "reference_url": "https://security.archlinux.org/AVG-2808", "reference_id": "AVG-2808", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2808" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22818", "reference_id": "CVE-2022-22818", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22818" }, { "reference_url": "https://github.com/advisories/GHSA-95rw-fx8r-36v6", "reference_id": "GHSA-95rw-fx8r-36v6", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-95rw-fx8r-36v6" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8506", "reference_id": "RHSA-2022:8506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8853", "reference_id": "RHSA-2022:8853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8872", "reference_id": "RHSA-2022:8872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8872" }, { "reference_url": "https://usn.ubuntu.com/5269-1/", "reference_id": "USN-5269-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5269-1/" }, { "reference_url": "https://usn.ubuntu.com/5269-2/", "reference_id": "USN-5269-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5269-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18932?format=api", "purl": "pkg:pypi/django@2.2.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/18934?format=api", "purl": "pkg:pypi/django@3.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/18933?format=api", "purl": "pkg:pypi/django@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.2" } ], "aliases": [ "BIT-django-2022-22818", "CVE-2022-22818", "GHSA-95rw-fx8r-36v6", "PYSEC-2022-19" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cece-1mun-ckgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25650?format=api", "vulnerability_id": "VCID-db6w-yj8t-sfg4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22648", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22452", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6w2r-r2m5-xq5w", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/advisories/GHSA-6w2r-r2m5-xq5w" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/102965ea93072fe3c39a30be437c683ec1106ef5" }, { "reference_url": "https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92" }, { "reference_url": "https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4c044fcc866ec226f612c475950b690b0139d243" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-105.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-105.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00017.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57833" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/09/03/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/09/03/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865", "reference_id": "1113865", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392990", "reference_id": "2392990", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392990" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "django-announce", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898", "reference_id": "django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://medium.com/@EyalSec/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16403", "reference_id": "RHSA-2025:16403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16404", "reference_id": "RHSA-2025:16404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16487", "reference_id": "RHSA-2025:16487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16514", "reference_id": "RHSA-2025:16514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17498", "reference_id": "RHSA-2025:17498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17499", "reference_id": "RHSA-2025:17499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17500", "reference_id": "RHSA-2025:17500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17606", "reference_id": "RHSA-2025:17606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17613", "reference_id": "RHSA-2025:17613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17614", "reference_id": "RHSA-2025:17614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17614" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "security", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-08T17:33:03Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7736-1/", "reference_id": "USN-7736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89034?format=api", "purl": "pkg:pypi/django@4.2.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-dh5p-grha-r7a2" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-fwwm-7y13-y3dx" }, { "vulnerability": "VCID-hb8n-gwz6-9yd9" }, { "vulnerability": "VCID-jdjc-ygtk-c7hv" }, { "vulnerability": "VCID-pmhc-yu6r-uudy" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-q3sw-jd7p-1yg1" }, { "vulnerability": "VCID-r3dj-t213-jyhh" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-zr7g-1xkm-fqdw" }, { "vulnerability": "VCID-zztc-4be5-fker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/89035?format=api", "purl": "pkg:pypi/django@5.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-fwwm-7y13-y3dx" }, { "vulnerability": "VCID-pmhc-yu6r-uudy" }, { "vulnerability": "VCID-xkrz-p214-hqhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/89036?format=api", "purl": "pkg:pypi/django@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-1g9h-ryet-2ffs" }, { "vulnerability": "VCID-1mp4-kq35-1ba7" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-8tz7-vjwz-rycs" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-dh5p-grha-r7a2" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-fwwm-7y13-y3dx" }, { "vulnerability": "VCID-h5qf-zbcz-qygg" }, { "vulnerability": "VCID-hb8n-gwz6-9yd9" }, { "vulnerability": "VCID-jdjc-ygtk-c7hv" }, { "vulnerability": "VCID-m4mg-yd86-dyfw" }, { "vulnerability": "VCID-n915-wj16-wka6" }, { "vulnerability": "VCID-pmhc-yu6r-uudy" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-q3sw-jd7p-1yg1" }, { "vulnerability": "VCID-r3dj-t213-jyhh" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" }, { "vulnerability": "VCID-tvk1-4am9-f3cf" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-z7sj-r61n-qbcd" }, { "vulnerability": "VCID-zr7g-1xkm-fqdw" }, { "vulnerability": "VCID-zztc-4be5-fker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6" } ], "aliases": [ "BIT-django-2025-57833", "CVE-2025-57833", "GHSA-6w2r-r2m5-xq5w", "PYSEC-2025-105" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db6w-yj8t-sfg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11798?format=api", "vulnerability_id": "VCID-gtkn-prux-vbdb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28346.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28346.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28346", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01971", "scoring_system": "epss", "scoring_elements": "0.83977", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01971", "scoring_system": "epss", "scoring_elements": "0.8392", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.0/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48" }, { "reference_url": "https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d" }, { "reference_url": "https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60" }, { "reference_url": "https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220609-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220609-0002" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5254", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5254" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/11/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/11/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677", "reference_id": "1009677", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447", "reference_id": "2072447", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072447" }, { "reference_url": "https://security.archlinux.org/ASA-202204-9", "reference_id": "ASA-202204-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-9" }, { "reference_url": "https://security.archlinux.org/AVG-2667", "reference_id": "AVG-2667", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2667" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28346", "reference_id": "CVE-2022-28346", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28346" }, { "reference_url": "https://github.com/advisories/GHSA-2gwj-7jmv-h26r", "reference_id": "GHSA-2gwj-7jmv-h26r", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2gwj-7jmv-h26r" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5115", "reference_id": "RHSA-2022:5115", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5115" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5602", "reference_id": "RHSA-2022:5602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5702", "reference_id": "RHSA-2022:5702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5703", "reference_id": "RHSA-2022:5703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8872", "reference_id": "RHSA-2022:8872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8872" }, { "reference_url": "https://usn.ubuntu.com/5373-1/", "reference_id": "USN-5373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5373-1/" }, { "reference_url": "https://usn.ubuntu.com/5373-2/", "reference_id": "USN-5373-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5373-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20125?format=api", "purl": "pkg:pypi/django@2.2.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/20124?format=api", "purl": "pkg:pypi/django@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/20123?format=api", "purl": "pkg:pypi/django@4.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4" } ], "aliases": [ "BIT-django-2022-28346", "CVE-2022-28346", "GHSA-2gwj-7jmv-h26r", "PYSEC-2022-190" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gtkn-prux-vbdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10239?format=api", "vulnerability_id": "VCID-j3bz-6jqe-ffgm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44420.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44420.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44420", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32404", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32222", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44420" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44420", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44420" }, { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/3.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.2/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211229-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211229-0006" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/dec/07/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2021/dec/07/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/dec/07/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2021/dec/07/security-releases/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2021/12/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2021/12/07/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028178", "reference_id": "2028178", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028178" }, { "reference_url": "https://security.archlinux.org/AVG-2605", "reference_id": "AVG-2605", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2605" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44420", "reference_id": "CVE-2021-44420", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44420" }, { "reference_url": "https://github.com/advisories/GHSA-v6rh-hp5x-86rv", "reference_id": "GHSA-v6rh-hp5x-86rv", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v6rh-hp5x-86rv" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0742", "reference_id": "RHSA-2023:0742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0742" }, { "reference_url": "https://usn.ubuntu.com/5178-1/", "reference_id": "USN-5178-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5178-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18244?format=api", "purl": "pkg:pypi/django@2.2.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-38w8-jbku-eugu" }, { "vulnerability": "VCID-6uja-brvn-rufw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-ymm2-ns18-wkcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/18245?format=api", "purl": "pkg:pypi/django@3.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/18243?format=api", "purl": "pkg:pypi/django@3.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-38w8-jbku-eugu" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-6uja-brvn-rufw" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-ymm2-ns18-wkcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.10" } ], "aliases": [ "BIT-django-2021-44420", "CVE-2021-44420", "GHSA-v6rh-hp5x-86rv", "PYSEC-2021-439" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j3bz-6jqe-ffgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20512?format=api", "vulnerability_id": "VCID-tudc-7sgh-nkda", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45231.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46576", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46721", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3c733c78d6f8e50296d6e248968b6516c92a53ca" }, { "reference_url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/96d84047715ea1715b4bd1594e46122b8a77b9e2" }, { "reference_url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314496", "reference_id": "2314496", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314496" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231", "reference_id": "CVE-2024-45231", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45231" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "django-announce", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv", "reference_id": "GHSA-rrqc-c2jx-6jgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrqc-c2jx-6jgv" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "security", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:35:34Z/" } ], "url": "https://www.djangoproject.com/weblog/2024/sep/03/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/6987-1/", "reference_id": "USN-6987-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6987-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33732?format=api", "purl": "pkg:pypi/django@4.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-a4fn-xf8s-tye5" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-dh5p-grha-r7a2" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-fwwm-7y13-y3dx" }, { "vulnerability": "VCID-hb8n-gwz6-9yd9" }, { "vulnerability": "VCID-jdjc-ygtk-c7hv" }, { "vulnerability": "VCID-mja4-jz67-kbh6" }, { "vulnerability": "VCID-pmhc-yu6r-uudy" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-q3sw-jd7p-1yg1" }, { "vulnerability": "VCID-r3dj-t213-jyhh" }, { "vulnerability": "VCID-s9u4-39qe-pkh2" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" }, { "vulnerability": "VCID-wwzx-eujh-sye1" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-z3vg-rtt7-vuem" }, { "vulnerability": "VCID-zr7g-1xkm-fqdw" }, { "vulnerability": "VCID-zztc-4be5-fker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/33731?format=api", "purl": "pkg:pypi/django@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6wvp-47qa-m7bc" }, { "vulnerability": "VCID-a4fn-xf8s-tye5" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-mja4-jz67-kbh6" }, { "vulnerability": "VCID-wwzx-eujh-sye1" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-z3vg-rtt7-vuem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/33730?format=api", "purl": "pkg:pypi/django@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6wvp-47qa-m7bc" }, { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-a4fn-xf8s-tye5" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fwwm-7y13-y3dx" }, { "vulnerability": "VCID-mja4-jz67-kbh6" }, { "vulnerability": "VCID-pmhc-yu6r-uudy" }, { "vulnerability": "VCID-s9u4-39qe-pkh2" }, { "vulnerability": "VCID-wwzx-eujh-sye1" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-z3vg-rtt7-vuem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.1" } ], "aliases": [ "CVE-2024-45231", "GHSA-rrqc-c2jx-6jgv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tudc-7sgh-nkda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9580?format=api", "vulnerability_id": "VCID-u9dr-ca2g-e3hk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33203.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34403", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34225", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33203" }, { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/3.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.2/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-68w8-qjq3-2gfm", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-68w8-qjq3-2gfm" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90" }, { "reference_url": "https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f" }, { "reference_url": "https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-98.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33203", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33203" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210727-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210727-0004" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966251", "reference_id": "1966251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966251" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394", "reference_id": "989394", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394" }, { "reference_url": "https://security.archlinux.org/ASA-202106-41", "reference_id": "ASA-202106-41", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-41" }, { "reference_url": "https://security.archlinux.org/AVG-2026", "reference_id": "AVG-2026", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2026" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3490", "reference_id": "RHSA-2021:3490", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5070", "reference_id": "RHSA-2021:5070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5070" }, { "reference_url": "https://usn.ubuntu.com/4975-1/", "reference_id": "USN-4975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4975-1/" }, { "reference_url": "https://usn.ubuntu.com/4975-2/", "reference_id": "USN-4975-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4975-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65110?format=api", "purl": "pkg:pypi/django@2.2.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-38w8-jbku-eugu" }, { "vulnerability": "VCID-6uja-brvn-rufw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j3bz-6jqe-ffgm" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-ymm2-ns18-wkcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/65111?format=api", "purl": "pkg:pypi/django@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28ff-ng96-5ugk" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-j3bz-6jqe-ffgm" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/65112?format=api", "purl": "pkg:pypi/django@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-28ff-ng96-5ugk" }, { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-38w8-jbku-eugu" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-6uja-brvn-rufw" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j3bz-6jqe-ffgm" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-ymm2-ns18-wkcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4" } ], "aliases": [ "BIT-django-2021-33203", "CVE-2021-33203", "GHSA-68w8-qjq3-2gfm", "PYSEC-2021-98" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9dr-ca2g-e3hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11799?format=api", "vulnerability_id": "VCID-w3dy-chny-5fbc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28347.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28347.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73618", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73544", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.0/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402" }, { "reference_url": "https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5" }, { "reference_url": "https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81" }, { "reference_url": "https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5254", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5254" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/11/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/11/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677", "reference_id": "1009677", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009677" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072459", "reference_id": "2072459", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072459" }, { "reference_url": "https://security.archlinux.org/ASA-202204-9", "reference_id": "ASA-202204-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-9" }, { "reference_url": "https://security.archlinux.org/AVG-2667", "reference_id": "AVG-2667", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2667" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28347", "reference_id": "CVE-2022-28347", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28347" }, { "reference_url": "https://github.com/advisories/GHSA-w24h-v9qh-8gxj", "reference_id": "GHSA-w24h-v9qh-8gxj", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w24h-v9qh-8gxj" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5602", "reference_id": "RHSA-2022:5602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5702", "reference_id": "RHSA-2022:5702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5703", "reference_id": "RHSA-2022:5703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5703" }, { "reference_url": "https://usn.ubuntu.com/5373-1/", "reference_id": "USN-5373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20125?format=api", "purl": "pkg:pypi/django@2.2.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/20124?format=api", "purl": "pkg:pypi/django@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/20123?format=api", "purl": "pkg:pypi/django@4.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.4" } ], "aliases": [ "BIT-django-2022-28347", "CVE-2022-28347", "GHSA-w24h-v9qh-8gxj", "PYSEC-2022-191" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3dy-chny-5fbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12228?format=api", "vulnerability_id": "VCID-wpt2-535q-3yfe", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0113", "scoring_system": "epss", "scoring_elements": "0.78797", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0113", "scoring_system": "epss", "scoring_elements": "0.78732", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41323" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.0/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80" }, { "reference_url": "https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3" }, { "reference_url": "https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-245.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce/c/8cz--gvaJr4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/django-announce/c/8cz--gvaJr4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0008" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5254", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5254" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/08/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/08/03/1" }, { "reference_url": "https://security.archlinux.org/AVG-2810", "reference_id": "AVG-2810", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2810" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36359", "reference_id": "CVE-2022-36359", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36359" }, { "reference_url": "https://github.com/advisories/GHSA-8x94-hmjh-97hq", "reference_id": "GHSA-8x94-hmjh-97hq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8x94-hmjh-97hq" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://usn.ubuntu.com/5549-1/", "reference_id": "USN-5549-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5549-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25743?format=api", "purl": "pkg:pypi/django@3.2.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/25744?format=api", "purl": "pkg:pypi/django@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.7" } ], "aliases": [ "BIT-django-2022-36359", "CVE-2022-36359", "GHSA-8x94-hmjh-97hq", "PYSEC-2022-245" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wpt2-535q-3yfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9608?format=api", "vulnerability_id": "VCID-x91x-cxp9-4fgp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33571.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33571.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03081", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03069", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33571" }, { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/3.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.2/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-p99v-5w3c-jqq9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p99v-5w3c-jqq9" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e" }, { "reference_url": "https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d" }, { "reference_url": "https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-99.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-99.yaml" }, { "reference_url": "https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33571", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33571" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210727-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210727-0004" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966253", "reference_id": "1966253", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966253" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394", "reference_id": "989394", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989394" }, { "reference_url": "https://security.archlinux.org/ASA-202106-41", "reference_id": "ASA-202106-41", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-41" }, { "reference_url": "https://security.archlinux.org/AVG-2026", "reference_id": "AVG-2026", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2026" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3490", "reference_id": "RHSA-2021:3490", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5070", "reference_id": "RHSA-2021:5070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5070" }, { "reference_url": "https://usn.ubuntu.com/4975-1/", "reference_id": "USN-4975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4975-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65110?format=api", "purl": "pkg:pypi/django@2.2.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-38w8-jbku-eugu" }, { "vulnerability": "VCID-6uja-brvn-rufw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j3bz-6jqe-ffgm" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-ymm2-ns18-wkcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/65111?format=api", "purl": "pkg:pypi/django@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28ff-ng96-5ugk" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-j3bz-6jqe-ffgm" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/65112?format=api", "purl": "pkg:pypi/django@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-28ff-ng96-5ugk" }, { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-38w8-jbku-eugu" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-6uja-brvn-rufw" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j3bz-6jqe-ffgm" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-ymm2-ns18-wkcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4" } ], "aliases": [ "BIT-django-2021-33571", "CVE-2021-33571", "GHSA-p99v-5w3c-jqq9", "PYSEC-2021-99" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x91x-cxp9-4fgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90357?format=api", "vulnerability_id": "VCID-xkrz-p214-hqhp", "summary": "An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nNFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64458.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07314", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07356", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64458" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/3790593781d26168e7306b5b2f8ea0309de16242" }, { "reference_url": "https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/4f5d904b63751dea9ffc3b0e046404a7fa5881ac" }, { "reference_url": "https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/6e13348436fccf8f22982921d6a3a3e65c956a9f" }, { "reference_url": "https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-107.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-107.yaml" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412649", "reference_id": "2412649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64458", "reference_id": "CVE-2025-64458", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64458" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "django-announce", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://github.com/advisories/GHSA-qw25-v68c-qjf3", "reference_id": "GHSA-qw25-v68c-qjf3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qw25-v68c-qjf3" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "security", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-05T16:20:23Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35005?format=api", "purl": "pkg:pypi/django@4.2.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-dh5p-grha-r7a2" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-hb8n-gwz6-9yd9" }, { "vulnerability": "VCID-jdjc-ygtk-c7hv" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-q3sw-jd7p-1yg1" }, { "vulnerability": "VCID-r3dj-t213-jyhh" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" }, { "vulnerability": "VCID-zr7g-1xkm-fqdw" }, { "vulnerability": "VCID-zztc-4be5-fker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/35019?format=api", "purl": "pkg:pypi/django@5.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/35012?format=api", "purl": "pkg:pypi/django@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-1g9h-ryet-2ffs" }, { "vulnerability": "VCID-1mp4-kq35-1ba7" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-8tz7-vjwz-rycs" }, { "vulnerability": "VCID-dh5p-grha-r7a2" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-h5qf-zbcz-qygg" }, { "vulnerability": "VCID-hb8n-gwz6-9yd9" }, { "vulnerability": "VCID-jdjc-ygtk-c7hv" }, { "vulnerability": "VCID-m4mg-yd86-dyfw" }, { "vulnerability": "VCID-n915-wj16-wka6" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-q3sw-jd7p-1yg1" }, { "vulnerability": "VCID-r3dj-t213-jyhh" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" }, { "vulnerability": "VCID-tvk1-4am9-f3cf" }, { "vulnerability": "VCID-z7sj-r61n-qbcd" }, { "vulnerability": "VCID-zr7g-1xkm-fqdw" }, { "vulnerability": "VCID-zztc-4be5-fker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/38619?format=api", "purl": "pkg:pypi/django@6.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0a1" } ], "aliases": [ "BIT-django-2025-64458", "CVE-2025-64458", "GHSA-qw25-v68c-qjf3", "PYSEC-2025-107" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xkrz-p214-hqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25446?format=api", "vulnerability_id": "VCID-ycc8-7k6j-4kbf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48432.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61866", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61967", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53907" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7xr5-9hcq-chf9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7xr5-9hcq-chf9" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-47.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48432", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48432" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/04/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/04/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/10/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282", "reference_id": "1107282", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365", "reference_id": "2370365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365" }, { "reference_url": "https://security.archlinux.org/ASA-202506-6", "reference_id": "ASA-202506-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202506-6" }, { "reference_url": "https://security.archlinux.org/AVG-2894", "reference_id": "AVG-2894", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2894" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/", "reference_id": "bugfix-releases", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/" }, { "reference_url": "https://groups.google.com/g/django-announce", "reference_id": "django-announce", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://groups.google.com/g/django-announce" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14686", "reference_id": "RHSA-2025:14686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16487", "reference_id": "RHSA-2025:16487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16487" }, { "reference_url": "https://docs.djangoproject.com/en/dev/releases/security/", "reference_id": "security", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://docs.djangoproject.com/en/dev/releases/security/" }, { "reference_url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:20:12Z/" } ], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/7555-1/", "reference_id": "USN-7555-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7555-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87733?format=api", "purl": "pkg:pypi/django@4.2.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-dh5p-grha-r7a2" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-fwwm-7y13-y3dx" }, { "vulnerability": "VCID-hb8n-gwz6-9yd9" }, { "vulnerability": "VCID-jdjc-ygtk-c7hv" }, { "vulnerability": "VCID-pmhc-yu6r-uudy" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-q3sw-jd7p-1yg1" }, { "vulnerability": "VCID-r3dj-t213-jyhh" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-zr7g-1xkm-fqdw" }, { "vulnerability": "VCID-zztc-4be5-fker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.2.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/87732?format=api", "purl": "pkg:pypi/django@5.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fwwm-7y13-y3dx" }, { "vulnerability": "VCID-pmhc-yu6r-uudy" }, { "vulnerability": "VCID-xkrz-p214-hqhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/87731?format=api", "purl": "pkg:pypi/django@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13q1-fzeg-bfd9" }, { "vulnerability": "VCID-1g9h-ryet-2ffs" }, { "vulnerability": "VCID-1mp4-kq35-1ba7" }, { "vulnerability": "VCID-4xtu-yeh2-pbc8" }, { "vulnerability": "VCID-72z9-v49q-vbcc" }, { "vulnerability": "VCID-81b9-uqyv-kkhm" }, { "vulnerability": "VCID-8tz7-vjwz-rycs" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-dh5p-grha-r7a2" }, { "vulnerability": "VCID-dqpz-q718-pkas" }, { "vulnerability": "VCID-e331-cbgc-hubm" }, { "vulnerability": "VCID-fwwm-7y13-y3dx" }, { "vulnerability": "VCID-h5qf-zbcz-qygg" }, { "vulnerability": "VCID-hb8n-gwz6-9yd9" }, { "vulnerability": "VCID-jdjc-ygtk-c7hv" }, { "vulnerability": "VCID-m4mg-yd86-dyfw" }, { "vulnerability": "VCID-n915-wj16-wka6" }, { "vulnerability": "VCID-pmhc-yu6r-uudy" }, { "vulnerability": "VCID-pn2d-2euz-pudt" }, { "vulnerability": "VCID-q3sw-jd7p-1yg1" }, { "vulnerability": "VCID-r3dj-t213-jyhh" }, { "vulnerability": "VCID-sbwy-buwj-gkd2" }, { "vulnerability": "VCID-tvk1-4am9-f3cf" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-z7sj-r61n-qbcd" }, { "vulnerability": "VCID-zr7g-1xkm-fqdw" }, { "vulnerability": "VCID-zztc-4be5-fker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2" } ], "aliases": [ "BIT-django-2025-48432", "CVE-2025-48432", "GHSA-7xr5-9hcq-chf9", "PYSEC-2025-47" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ycc8-7k6j-4kbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10277?format=api", "vulnerability_id": "VCID-ymm2-ns18-wkcw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45116.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58927", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58816", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45116" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/4.0/releases/security" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489" }, { "reference_url": "https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16" }, { "reference_url": "https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-2.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220121-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220121-0005" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/jan/04/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2022/jan/04/security-releases" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113", "reference_id": "1003113", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003113" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037025", "reference_id": "2037025", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037025" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/", "reference_id": "B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45116", "reference_id": "CVE-2021-45116", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45116" }, { "reference_url": "https://groups.google.com/forum/#%21forum/django-announce", "reference_id": "django-announce", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/" } ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "reference_url": "https://github.com/advisories/GHSA-8c5j-9r9f-c6w8", "reference_id": "GHSA-8c5j-9r9f-c6w8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8c5j-9r9f-c6w8" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220121-0005/", "reference_id": "ntap-20220121-0005", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220121-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://docs.djangoproject.com/en/4.0/releases/security/", "reference_id": "security", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/" } ], "url": "https://docs.djangoproject.com/en/4.0/releases/security/" }, { "reference_url": "https://www.djangoproject.com/weblog/2022/jan/04/security-releases/", "reference_id": "security-releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:36:53Z/" } ], "url": "https://www.djangoproject.com/weblog/2022/jan/04/security-releases/" }, { "reference_url": "https://usn.ubuntu.com/5204-1/", "reference_id": "USN-5204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18642?format=api", "purl": "pkg:pypi/django@2.2.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/18639?format=api", "purl": "pkg:pypi/django@3.2.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/18641?format=api", "purl": "pkg:pypi/django@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@4.0.1" } ], "aliases": [ "BIT-django-2021-45116", "CVE-2021-45116", "GHSA-8c5j-9r9f-c6w8", "PYSEC-2022-2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymm2-ns18-wkcw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9514?format=api", "vulnerability_id": "VCID-5zzj-9ez5-6ub1", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32052.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01859", "scoring_system": "epss", "scoring_elements": "0.83525", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01859", "scoring_system": "epss", "scoring_elements": "0.83465", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32052" }, { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.djangoproject.com/en/3.2/releases/security" }, { "reference_url": "https://docs.djangoproject.com/en/3.2/releases/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.djangoproject.com/en/3.2/releases/security/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-qm57-vhq3-3fwf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm57-vhq3-3fwf" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-8.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-8.yaml" }, { "reference_url": "https://groups.google.com/forum/#!forum/django-announce", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!forum/django-announce" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32052", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32052" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210611-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210611-0002" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/may/06/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.djangoproject.com/weblog/2021/may/06/security-releases" }, { "reference_url": "https://www.djangoproject.com/weblog/2021/may/06/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2021/may/06/security-releases/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/06/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/06/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957455", "reference_id": "1957455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957455" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988136", "reference_id": "988136", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988136" }, { "reference_url": "https://security.archlinux.org/AVG-1924", "reference_id": "AVG-1924", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1924" }, { "reference_url": "https://security.gentoo.org/glsa/202509-03", "reference_id": "GLSA-202509-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-03" }, { "reference_url": "https://usn.ubuntu.com/4975-1/", "reference_id": "USN-4975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4975-1/" }, { "reference_url": "https://usn.ubuntu.com/5373-1/", "reference_id": "USN-5373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5373-1/" }, { "reference_url": "https://usn.ubuntu.com/5373-2/", "reference_id": "USN-5373-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5373-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64233?format=api", "purl": "pkg:pypi/django@2.2.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-38w8-jbku-eugu" }, { "vulnerability": "VCID-6uja-brvn-rufw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j3bz-6jqe-ffgm" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-u9dr-ca2g-e3hk" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-x91x-cxp9-4fgp" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-ymm2-ns18-wkcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/64234?format=api", "purl": "pkg:pypi/django@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28ff-ng96-5ugk" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-j3bz-6jqe-ffgm" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-u9dr-ca2g-e3hk" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-x91x-cxp9-4fgp" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/64235?format=api", "purl": "pkg:pypi/django@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19se-3ng9-c7bw" }, { "vulnerability": "VCID-28ff-ng96-5ugk" }, { "vulnerability": "VCID-2sve-8b9b-hud7" }, { "vulnerability": "VCID-38w8-jbku-eugu" }, { "vulnerability": "VCID-6tdg-t4nv-sbha" }, { "vulnerability": "VCID-6uja-brvn-rufw" }, { "vulnerability": "VCID-7spe-cayc-4qb4" }, { "vulnerability": "VCID-9ge1-u71f-rbaw" }, { "vulnerability": "VCID-beas-dwx6-1ffp" }, { "vulnerability": "VCID-cece-1mun-ckgh" }, { "vulnerability": "VCID-d2cw-526n-mbem" }, { "vulnerability": "VCID-db6w-yj8t-sfg4" }, { "vulnerability": "VCID-fmpr-bhrf-17gm" }, { "vulnerability": "VCID-gtkn-prux-vbdb" }, { "vulnerability": "VCID-j3bz-6jqe-ffgm" }, { "vulnerability": "VCID-j4rs-235r-dkfj" }, { "vulnerability": "VCID-jspj-r34n-jubz" }, { "vulnerability": "VCID-nhzy-7qdm-wbg8" }, { "vulnerability": "VCID-qsme-8a2n-23fs" }, { "vulnerability": "VCID-tudc-7sgh-nkda" }, { "vulnerability": "VCID-u9dr-ca2g-e3hk" }, { "vulnerability": "VCID-ufv7-y5a7-fugg" }, { "vulnerability": "VCID-w3dy-chny-5fbc" }, { "vulnerability": "VCID-wpt2-535q-3yfe" }, { "vulnerability": "VCID-x91x-cxp9-4fgp" }, { "vulnerability": "VCID-xkrz-p214-hqhp" }, { "vulnerability": "VCID-ycc8-7k6j-4kbf" }, { "vulnerability": "VCID-ymm2-ns18-wkcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.2" } ], "aliases": [ "BIT-django-2021-32052", "CVE-2021-32052", "GHSA-qm57-vhq3-3fwf", "PYSEC-2021-8" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5zzj-9ez5-6ub1" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.22" }