{"url":"http://public2.vulnerablecode.io/api/packages/9459?format=json","purl":"pkg:pypi/django@1.10.3","type":"pypi","namespace":"","name":"django","version":"1.10.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.11.19","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7347?format=json","vulnerability_id":"VCID-9mpt-zxaw-kkeg","summary":"multiple issues","references":[{"reference_url":"https://docs.djangoproject.com/en/3.2/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/3.2/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-68w8-qjq3-2gfm"},{"reference_url":"https://groups.google.com/forum/#!forum/django-announce","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!forum/django-announce"},{"reference_url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"},{"reference_url":"https://security.archlinux.org/ASA-202106-41","reference_id":"ASA-202106-41","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-41"},{"reference_url":"https://security.archlinux.org/AVG-2026","reference_id":"AVG-2026","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22501?format=json","purl":"pkg:pypi/django@2.2.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24"},{"url":"http://public2.vulnerablecode.io/api/packages/22502?format=json","purl":"pkg:pypi/django@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-n9vn-4uxr-hkau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/22503?format=json","purl":"pkg:pypi/django@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29qk-rv5n-efbm"},{"vulnerability":"VCID-2n2n-1fq2-7bbs"},{"vulnerability":"VCID-4pb2-tqru-uufs"},{"vulnerability":"VCID-4z4e-8ttu-tyd6"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-am3f-c5ex-8ff2"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-au8h-vj9k-pufv"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-f4a7-tcz5-byfj"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-fsaw-3ta1-x3dw"},{"vulnerability":"VCID-m1dr-sjmw-jfd2"},{"vulnerability":"VCID-m33h-4p9q-63fb"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-qgp1-4efd-6yg6"},{"vulnerability":"VCID-yuda-1mur-8bbq"},{"vulnerability":"VCID-z6tf-z1y9-cydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4"}],"aliases":["CVE-2021-33203","GHSA-68w8-qjq3-2gfm","PYSEC-2021-98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35103?format=json","vulnerability_id":"VCID-hpj4-a9fa-4bca","summary":"In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with \"DEBUG = True\" (which makes this page accessible) in your production settings.","references":[{"reference_url":"https://github.com/advisories/GHSA-9r8w-6x8c-6jr9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9r8w-6x8c-6jr9"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a"},{"reference_url":"https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-44.yaml"},{"reference_url":"https://usn.ubuntu.com/3559-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3559-1"},{"reference_url":"https://usn.ubuntu.com/3559-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3559-1/"},{"reference_url":"https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20170927072701/http://www.securitytracker.com/id/1039264"},{"reference_url":"https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227150819/http://www.securityfocus.com/bid/100643"},{"reference_url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/100643","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100643"},{"reference_url":"http://www.securitytracker.com/id/1039264","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039264"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12794","reference_id":"CVE-2017-12794","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12794"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10260?format=json","purl":"pkg:pypi/django@1.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-vdpf-jddk-syda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/10261?format=json","purl":"pkg:pypi/django@1.11.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322v-ntsv-7uge"},{"vulnerability":"VCID-3mfy-uj9u-d7de"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c3m7-fu62-2qd9"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-f1br-hvnm-wfdg"},{"vulnerability":"VCID-g44a-m54u-97cr"},{"vulnerability":"VCID-gfar-wbzc-3ubr"},{"vulnerability":"VCID-kbab-v2gz-dfe6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-t952-ghnf-jkby"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-x61x-6b6k-h3bn"},{"vulnerability":"VCID-yreb-z7nz-jkbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.5"}],"aliases":["CVE-2017-12794","GHSA-9r8w-6x8c-6jr9","PYSEC-2017-44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpj4-a9fa-4bca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35050?format=json","vulnerability_id":"VCID-rruq-9scz-vbg8","summary":"Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an \"on success\" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs \"safe\" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1445","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1451","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1462","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1470","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1596","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3093","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://github.com/advisories/GHSA-37hp-765x-j95x","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-37hp-765x-j95x"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f"},{"reference_url":"https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66"},{"reference_url":"https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml"},{"reference_url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/"},{"reference_url":"http://www.debian.org/security/2017/dsa-3835","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3835"},{"reference_url":"http://www.securityfocus.com/bid/97406","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97406"},{"reference_url":"http://www.securitytracker.com/id/1038177","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038177"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7233","reference_id":"CVE-2017-7233","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7233"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9840?format=json","purl":"pkg:pypi/django@1.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-hpj4-a9fa-4bca"},{"vulnerability":"VCID-vdpf-jddk-syda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.7"}],"aliases":["CVE-2017-7233","GHSA-37hp-765x-j95x","PYSEC-2017-9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rruq-9scz-vbg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35048?format=json","vulnerability_id":"VCID-upbz-vg19-rugv","summary":"A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.","references":[{"reference_url":"https://github.com/advisories/GHSA-h4hv-m4h4-mhwg","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h4hv-m4h4-mhwg"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037"},{"reference_url":"https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29"},{"reference_url":"https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml"},{"reference_url":"https://web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177"},{"reference_url":"https://web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401"},{"reference_url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases"},{"reference_url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/"},{"reference_url":"http://www.debian.org/security/2017/dsa-3835","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3835"},{"reference_url":"http://www.securityfocus.com/bid/97401","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97401"},{"reference_url":"http://www.securitytracker.com/id/1038177","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038177"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7234","reference_id":"CVE-2017-7234","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9840?format=json","purl":"pkg:pypi/django@1.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-hpj4-a9fa-4bca"},{"vulnerability":"VCID-vdpf-jddk-syda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.7"}],"aliases":["CVE-2017-7234","GHSA-h4hv-m4h4-mhwg","PYSEC-2017-10"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upbz-vg19-rugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5990?format=json","vulnerability_id":"VCID-vdpf-jddk-syda","summary":"insufficient validation","references":[{"reference_url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.djangoproject.com/en/dev/releases/security/"},{"reference_url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vfq6-hq5r-27r6"},{"reference_url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/"},{"reference_url":"https://seclists.org/bugtraq/2020/Jan/9","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2020/Jan/9"},{"reference_url":"https://security.gentoo.org/glsa/202004-17","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200110-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200110-0003/"},{"reference_url":"https://usn.ubuntu.com/4224-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4224-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4598","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4598"},{"reference_url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2019/dec/18/security-releases/"},{"reference_url":"https://security.archlinux.org/AVG-1080","reference_id":"AVG-1080","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1080"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14736?format=json","purl":"pkg:pypi/django@1.11.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.11.27"},{"url":"http://public2.vulnerablecode.io/api/packages/14737?format=json","purl":"pkg:pypi/django@2.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cp2-k4mn-8ffj"},{"vulnerability":"VCID-51tx-4tp9-kbcz"},{"vulnerability":"VCID-5q58-pzt4-8uey"},{"vulnerability":"VCID-6jpg-yrf8-cufy"},{"vulnerability":"VCID-9end-mq19-rke5"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-attf-6gj8-ebaj"},{"vulnerability":"VCID-drwp-htkk-bkfh"},{"vulnerability":"VCID-fhp8-tck4-mye4"},{"vulnerability":"VCID-fksk-pr23-2yd8"},{"vulnerability":"VCID-hh9b-52xn-z7a9"},{"vulnerability":"VCID-j81e-su1y-tqa6"},{"vulnerability":"VCID-m4wa-xv9b-q7ce"},{"vulnerability":"VCID-n9vn-4uxr-hkau"},{"vulnerability":"VCID-na9w-xkvx-cbhd"},{"vulnerability":"VCID-nss9-1yrb-x7f2"},{"vulnerability":"VCID-q8r2-m9s6-rbek"},{"vulnerability":"VCID-qvfs-2v1h-p3h4"},{"vulnerability":"VCID-u9q1-63gf-7feh"},{"vulnerability":"VCID-z4x1-e7tp-rqhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.9"}],"aliases":["CVE-2019-19844","GHSA-vfq6-hq5r-27r6","PYSEC-2019-16"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdpf-jddk-syda"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6758?format=json","vulnerability_id":"VCID-8gus-er59-1qak","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/"},{"reference_url":"https://www.djangoproject.com/weblog/2016/nov/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2016/nov/01/security-releases/"},{"reference_url":"http://www.debian.org/security/2017/dsa-3835","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3835"},{"reference_url":"http://www.securityfocus.com/bid/94068","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94068"},{"reference_url":"http://www.securitytracker.com/id/1037159","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037159"},{"reference_url":"http://www.ubuntu.com/usn/USN-3115-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-3115-1"},{"reference_url":"https://security.archlinux.org/ASA-201611-15","reference_id":"ASA-201611-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-15"},{"reference_url":"https://security.archlinux.org/AVG-57","reference_id":"AVG-57","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9457?format=json","purl":"pkg:pypi/django@1.8.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-rruq-9scz-vbg8"},{"vulnerability":"VCID-upbz-vg19-rugv"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-x61x-6b6k-h3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16"},{"url":"http://public2.vulnerablecode.io/api/packages/9458?format=json","purl":"pkg:pypi/django@1.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-rruq-9scz-vbg8"},{"vulnerability":"VCID-upbz-vg19-rugv"},{"vulnerability":"VCID-vdpf-jddk-syda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/9459?format=json","purl":"pkg:pypi/django@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-hpj4-a9fa-4bca"},{"vulnerability":"VCID-rruq-9scz-vbg8"},{"vulnerability":"VCID-upbz-vg19-rugv"},{"vulnerability":"VCID-vdpf-jddk-syda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3"}],"aliases":["CVE-2016-9014","PYSEC-2016-18"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gus-er59-1qak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6759?format=json","vulnerability_id":"VCID-qy2a-mvpz-q7eh","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/"},{"reference_url":"https://www.djangoproject.com/weblog/2016/nov/01/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2016/nov/01/security-releases/"},{"reference_url":"http://www.debian.org/security/2017/dsa-3835","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3835"},{"reference_url":"http://www.securityfocus.com/bid/94069","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94069"},{"reference_url":"http://www.securitytracker.com/id/1037159","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037159"},{"reference_url":"http://www.ubuntu.com/usn/USN-3115-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-3115-1"},{"reference_url":"https://security.archlinux.org/ASA-201611-15","reference_id":"ASA-201611-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-15"},{"reference_url":"https://security.archlinux.org/AVG-57","reference_id":"AVG-57","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9457?format=json","purl":"pkg:pypi/django@1.8.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-c58g-7jpv-t7hc"},{"vulnerability":"VCID-rruq-9scz-vbg8"},{"vulnerability":"VCID-upbz-vg19-rugv"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-x61x-6b6k-h3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.16"},{"url":"http://public2.vulnerablecode.io/api/packages/9458?format=json","purl":"pkg:pypi/django@1.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-rruq-9scz-vbg8"},{"vulnerability":"VCID-upbz-vg19-rugv"},{"vulnerability":"VCID-vdpf-jddk-syda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/9459?format=json","purl":"pkg:pypi/django@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-hpj4-a9fa-4bca"},{"vulnerability":"VCID-rruq-9scz-vbg8"},{"vulnerability":"VCID-upbz-vg19-rugv"},{"vulnerability":"VCID-vdpf-jddk-syda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3"}],"aliases":["CVE-2016-9013","PYSEC-2016-17"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qy2a-mvpz-q7eh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.10.3"}