Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-django@0.95.1-1?distro=trixie

Type deb

Namespace debian

Name python-django

Version 0.95.1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.96-1.1

Latest_non_vulnerable_version 3:5.2.14-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-72fp-zabh-6qbv

vulnerability_id VCID-72fp-zabh-6qbv

summary

Django Improper Access Control
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

references

reference_url

http://code.djangoproject.com/changeset/3754

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://code.djangoproject.com/changeset/3754

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-0405

reference_id

reference_type

scores

value	0.00761
scoring_system	epss
scoring_elements	0.73526
published_at	2026-05-14T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73442
published_at	2026-04-26T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.7344
published_at	2026-04-29T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73436
published_at	2026-05-05T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73461
published_at	2026-05-07T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73484
published_at	2026-05-09T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73444
published_at	2026-05-11T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73467
published_at	2026-05-12T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.733
published_at	2026-04-01T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73309
published_at	2026-04-02T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73333
published_at	2026-04-04T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73306
published_at	2026-04-07T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73342
published_at	2026-04-08T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73356
published_at	2026-04-09T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73379
published_at	2026-04-11T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73359
published_at	2026-04-12T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73351
published_at	2026-04-13T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73394
published_at	2026-04-16T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73402
published_at	2026-04-18T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73395
published_at	2026-04-21T12:55:00Z

value	0.00761
scoring_system	epss
scoring_elements	0.73429
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-0405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0405

reference_url	http://secunia.com/advisories/23826
reference_id
reference_type
scores
url	http://secunia.com/advisories/23826

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/31628

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/31628

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/3c5782287e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/3c5782287e

reference_url

https://github.com/django/django/commit/e89f0a65581f82a5740bfe989136cea75d09cd67

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/e89f0a65581f82a5740bfe989136cea75d09cd67

reference_url	http://www.securityfocus.com/bid/22138
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/22138

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407786
reference_id	407786
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407786

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:django_project:django:0.95:::::::*
reference_id	cpe:2.3:a:django_project:django:0.95:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:django_project:django:0.95:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-0405

reference_id

CVE-2007-0405

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-0405

reference_url

https://github.com/advisories/GHSA-mwv2-398h-v489

reference_id

GHSA-mwv2-398h-v489

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mwv2-398h-v489

fixed_packages

url	pkg:deb/debian/python-django@0.95.1-1?distro=trixie
purl	pkg:deb/debian/python-django@0.95.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0.95.1-1%3Fdistro=trixie

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-buuq-c9ps-jfdu

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-rwyy-f7jh-pubf

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

vulnerability	VCID-z47n-5z72-u3bm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-buuq-c9ps-jfdu

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-rwyy-f7jh-pubf

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

vulnerability	VCID-z47n-5z72-u3bm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-buuq-c9ps-jfdu

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-rwyy-f7jh-pubf

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-z47n-5z72-u3bm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buuq-c9ps-jfdu

vulnerability	VCID-rwyy-f7jh-pubf

vulnerability	VCID-z47n-5z72-u3bm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:5.2.13-1?distro=trixie
purl	pkg:deb/debian/python-django@3:5.2.13-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:5.2.13-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:5.2.14-1?distro=trixie
purl	pkg:deb/debian/python-django@3:5.2.14-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:5.2.14-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
purl	pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:5.2.14-2%3Fdistro=trixie

aliases CVE-2007-0405, GHSA-mwv2-398h-v489

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72fp-zabh-6qbv

url VCID-yx42-v5s7-h7ac

vulnerability_id VCID-yx42-v5s7-h7ac

summary

Django Arbitrary Code Execution
`bin/compile-messages.py` in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.

references

reference_url

http://code.djangoproject.com/changeset/3592

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://code.djangoproject.com/changeset/3592

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-0404

reference_id

reference_type

scores

value	0.0067
scoring_system	epss
scoring_elements	0.71527
published_at	2026-05-14T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71373
published_at	2026-04-18T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71406
published_at	2026-05-05T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71414
published_at	2026-04-26T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71419
published_at	2026-04-29T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71441
published_at	2026-05-07T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71477
published_at	2026-05-09T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71442
published_at	2026-05-11T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71472
published_at	2026-05-12T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71275
published_at	2026-04-07T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71283
published_at	2026-04-02T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71301
published_at	2026-04-04T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71317
published_at	2026-04-08T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.7133
published_at	2026-04-09T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71353
published_at	2026-04-21T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71338
published_at	2026-04-12T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71321
published_at	2026-04-13T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71367
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-0404

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407519

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0404

reference_url	http://secunia.com/advisories/23826
reference_id
reference_type
scores
url	http://secunia.com/advisories/23826

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/31627

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/31627

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/518d406e53

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/518d406e53

reference_url

https://github.com/django/django/commit/a132d411c6986418ee6c0edc331080aa792fee6e

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/a132d411c6986418ee6c0edc331080aa792fee6e

reference_url	http://www.securityfocus.com/bid/22134
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/22134

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407786
reference_id	407786
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407786

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:django_project:django:0.95:::::::*
reference_id	cpe:2.3:a:django_project:django:0.95:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:django_project:django:0.95:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-0404

reference_id

CVE-2007-0404

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-0404

reference_url

https://github.com/advisories/GHSA-qc99-g3wm-hgxr

reference_id

GHSA-qc99-g3wm-hgxr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qc99-g3wm-hgxr

fixed_packages

url	pkg:deb/debian/python-django@0.95.1-1?distro=trixie
purl	pkg:deb/debian/python-django@0.95.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0.95.1-1%3Fdistro=trixie

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-buuq-c9ps-jfdu

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-rwyy-f7jh-pubf

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

vulnerability	VCID-z47n-5z72-u3bm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-buuq-c9ps-jfdu

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-jzae-1awh-k7cm

vulnerability	VCID-mga4-an1w-qqf9

vulnerability	VCID-rwyy-f7jh-pubf

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-xhpa-mffz-syfy

vulnerability	VCID-z47n-5z72-u3bm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ac4c-321h-tqfk

vulnerability	VCID-buuq-c9ps-jfdu

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-rwyy-f7jh-pubf

vulnerability	VCID-ssut-reka-r3f8

vulnerability	VCID-z47n-5z72-u3bm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1adz-zw3h-pqek

vulnerability	VCID-46pv-pzsu-jucd

vulnerability	VCID-ff2a-at5f-2qa8

vulnerability	VCID-gfym-spzk-w7gk

vulnerability	VCID-ssut-reka-r3f8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buuq-c9ps-jfdu

vulnerability	VCID-rwyy-f7jh-pubf

vulnerability	VCID-z47n-5z72-u3bm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:5.2.13-1?distro=trixie
purl	pkg:deb/debian/python-django@3:5.2.13-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:5.2.13-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:5.2.14-1?distro=trixie
purl	pkg:deb/debian/python-django@3:5.2.14-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:5.2.14-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
purl	pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:5.2.14-2%3Fdistro=trixie

aliases CVE-2007-0404, GHSA-qc99-g3wm-hgxr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yx42-v5s7-h7ac

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0.95.1-1%3Fdistro=trixie

Package Instance