Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django-unicorn@0.18.0
Type pypi
Namespace
Name django-unicorn
Version 0.18.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.67.0
Latest_non_vulnerable_version 0.67.0
Affected_by_vulnerabilities
0
url VCID-dp72-beuk-8yhr
vulnerability_id VCID-dp72-beuk-8yhr
summary The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
references
0
reference_url http://packetstormsecurity.com/files/164442/django-unicorn-0.35.3-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/164442/django-unicorn-0.35.3-Cross-Site-Scripting.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42053
reference_id
reference_type
scores
0
value 0.00308
scoring_system epss
scoring_elements 0.54392
published_at 2026-06-11T12:55:00Z
1
value 0.00308
scoring_system epss
scoring_elements 0.54518
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42053
2
reference_url https://github.com/adamghill/django-unicorn
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/adamghill/django-unicorn
3
reference_url https://github.com/adamghill/django-unicorn/commit/aa5b9835d946bd9893ef02e556859e3ea62cc5e2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/adamghill/django-unicorn/commit/aa5b9835d946bd9893ef02e556859e3ea62cc5e2
4
reference_url https://github.com/adamghill/django-unicorn/compare/0.35.3...0.36.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/adamghill/django-unicorn/compare/0.35.3...0.36.0
5
reference_url https://github.com/adamghill/django-unicorn/pull/288
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/adamghill/django-unicorn/pull/288
6
reference_url https://github.com/adamghill/django-unicorn/pull/288/files
reference_id
reference_type
scores
url https://github.com/adamghill/django-unicorn/pull/288/files
7
reference_url https://github.com/advisories/GHSA-c87f-fq5g-63r2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c87f-fq5g-63r2
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django-unicorn/PYSEC-2021-357.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django-unicorn/PYSEC-2021-357.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-42053
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-42053
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/50393.txt
reference_id CVE-2021-42053
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/50393.txt
fixed_packages
0
url pkg:pypi/django-unicorn@0.36.0
purl pkg:pypi/django-unicorn@0.36.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hbuu-qjp7-buhf
1
vulnerability VCID-n66j-14np-6udp
2
vulnerability VCID-zda1-mqyx-gqgk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-unicorn@0.36.0
aliases CVE-2021-42053, GHSA-c87f-fq5g-63r2, PYSEC-2021-357
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dp72-beuk-8yhr
1
url VCID-hbuu-qjp7-buhf
vulnerability_id VCID-hbuu-qjp7-buhf
summary Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31815
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.28002
published_at 2026-06-12T12:55:00Z
1
value 0.00103
scoring_system epss
scoring_elements 0.27803
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31815
1
reference_url https://github.com/django-commons/django-unicorn
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django-commons/django-unicorn
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31815
reference_id CVE-2026-31815
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31815
3
reference_url https://github.com/advisories/GHSA-ffv6-jj46-x367
reference_id GHSA-ffv6-jj46-x367
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffv6-jj46-x367
4
reference_url https://github.com/django-commons/django-unicorn/security/advisories/GHSA-ffv6-jj46-x367
reference_id GHSA-ffv6-jj46-x367
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:17:42Z/
url https://github.com/django-commons/django-unicorn/security/advisories/GHSA-ffv6-jj46-x367
fixed_packages
0
url pkg:pypi/django-unicorn@0.67.0
purl pkg:pypi/django-unicorn@0.67.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-unicorn@0.67.0
aliases CVE-2026-31815, GHSA-ffv6-jj46-x367
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbuu-qjp7-buhf
2
url VCID-n66j-14np-6udp
vulnerability_id VCID-n66j-14np-6udp
summary The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42134
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47527
published_at 2026-06-11T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47668
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42134
1
reference_url https://github.com/adamghill/django-unicorn
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/adamghill/django-unicorn
2
reference_url https://github.com/adamghill/django-unicorn/commit/3a832a9e3f6455ddd3b87f646247269918ad10c6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/adamghill/django-unicorn/commit/3a832a9e3f6455ddd3b87f646247269918ad10c6
3
reference_url https://github.com/adamghill/django-unicorn/compare/0.36.0...0.36.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/adamghill/django-unicorn/compare/0.36.0...0.36.1
4
reference_url https://github.com/advisories/GHSA-ggmv-6q9p-9gm6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-ggmv-6q9p-9gm6
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django-unicorn/PYSEC-2021-369.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django-unicorn/PYSEC-2021-369.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-42134
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-42134
fixed_packages
0
url pkg:pypi/django-unicorn@0.36.1
purl pkg:pypi/django-unicorn@0.36.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hbuu-qjp7-buhf
1
vulnerability VCID-zda1-mqyx-gqgk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-unicorn@0.36.1
aliases CVE-2021-42134, GHSA-ggmv-6q9p-9gm6, PYSEC-2021-369
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n66j-14np-6udp
3
url VCID-zda1-mqyx-gqgk
vulnerability_id VCID-zda1-mqyx-gqgk
summary Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises from the core functionality `set_property_value`, which can be remotely triggered by users by crafting appropriate component requests and feeding in values of second and third parameter to the vulnerable function, leading to arbitrary changes to the python runtime status. With this finding at least five ways of vulnerability exploitation have been observed, stably resulting in Cross-Site Scripting (XSS), Denial of Service (DoS), and Authentication Bypass attacks in almost every Django-Unicorn-based application. This issue has been addressed in version 0.62.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24370
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29512
published_at 2026-06-11T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.2971
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24370
1
reference_url https://github.com/adamghill/django-unicorn
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/adamghill/django-unicorn
2
reference_url https://github.com/adamghill/django-unicorn/releases/tag/0.62.0
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/adamghill/django-unicorn/releases/tag/0.62.0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24370
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24370
4
reference_url https://github.com/adamghill/django-unicorn/commit/17614200f27174f789d4af54cc3a1f2b0df7870c
reference_id 17614200f27174f789d4af54cc3a1f2b0df7870c
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-04T15:35:02Z/
url https://github.com/adamghill/django-unicorn/commit/17614200f27174f789d4af54cc3a1f2b0df7870c
5
reference_url https://github.com/adamghill/django-unicorn/security/advisories/GHSA-g9wf-5777-gq43
reference_id GHSA-g9wf-5777-gq43
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-04T15:35:02Z/
url https://github.com/adamghill/django-unicorn/security/advisories/GHSA-g9wf-5777-gq43
6
reference_url https://github.com/advisories/GHSA-g9wf-5777-gq43
reference_id GHSA-g9wf-5777-gq43
reference_type
scores
url https://github.com/advisories/GHSA-g9wf-5777-gq43
fixed_packages
0
url pkg:pypi/django-unicorn@0.62.0
purl pkg:pypi/django-unicorn@0.62.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hbuu-qjp7-buhf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-unicorn@0.62.0
aliases CVE-2025-24370, GHSA-g9wf-5777-gq43
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zda1-mqyx-gqgk
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-unicorn@0.18.0