Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/python3.11-django@4.2.26-1?arch=el9ap
Typerpm
Namespaceredhat
Namepython3.11-django
Version4.2.26-1
Qualifiers
arch el9ap
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-7bhx-hdfm-rudm
vulnerability_id VCID-7bhx-hdfm-rudm
summary event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9907.json
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9907.json
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2392834
reference_id 2392834
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2392834
2
reference_url https://access.redhat.com/errata/RHSA-2025:19201
reference_id RHSA-2025:19201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19201
3
reference_url https://access.redhat.com/errata/RHSA-2025:19221
reference_id RHSA-2025:19221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19221
4
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
5
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
fixed_packages
aliases CVE-2025-9907
risk_score 3.0
exploitability 0.5
weighted_severity 6.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bhx-hdfm-rudm
1
url VCID-axy8-kmka-pugw
vulnerability_id VCID-axy8-kmka-pugw
summary 
Axios is vulnerable to DoS attack through lack of data size check
When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.
This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58754.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58754.json
1
reference_url https://github.com/axios/axios
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios
2
reference_url https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593
3
reference_url https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67
4
reference_url https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06
5
reference_url https://github.com/axios/axios/pull/7011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/7011
6
reference_url https://github.com/axios/axios/pull/7034
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/pull/7034
7
reference_url https://github.com/axios/axios/releases/tag/v0.30.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v0.30.2
8
reference_url https://github.com/axios/axios/releases/tag/v1.12.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/releases/tag/v1.12.0
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114963
reference_id 1114963
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114963
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2394735
reference_id 2394735
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2394735
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58754
reference_id CVE-2025-58754
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58754
12
reference_url https://github.com/advisories/GHSA-4hjh-wcwx-xvwj
reference_id GHSA-4hjh-wcwx-xvwj
reference_type
scores
url https://github.com/advisories/GHSA-4hjh-wcwx-xvwj
13
reference_url https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj
reference_id GHSA-4hjh-wcwx-xvwj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj
14
reference_url https://access.redhat.com/errata/RHSA-2025:16747
reference_id RHSA-2025:16747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16747
15
reference_url https://access.redhat.com/errata/RHSA-2025:18252
reference_id RHSA-2025:18252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18252
16
reference_url https://access.redhat.com/errata/RHSA-2025:19221
reference_id RHSA-2025:19221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19221
17
reference_url https://access.redhat.com/errata/RHSA-2025:19335
reference_id RHSA-2025:19335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19335
18
reference_url https://access.redhat.com/errata/RHSA-2025:19375
reference_id RHSA-2025:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19375
19
reference_url https://access.redhat.com/errata/RHSA-2025:19529
reference_id RHSA-2025:19529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19529
20
reference_url https://access.redhat.com/errata/RHSA-2025:19804
reference_id RHSA-2025:19804
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19804
21
reference_url https://access.redhat.com/errata/RHSA-2025:19961
reference_id RHSA-2025:19961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19961
22
reference_url https://access.redhat.com/errata/RHSA-2025:22684
reference_id RHSA-2025:22684
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22684
23
reference_url https://access.redhat.com/errata/RHSA-2025:22759
reference_id RHSA-2025:22759
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22759
24
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
25
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
26
reference_url https://access.redhat.com/errata/RHSA-2025:23546
reference_id RHSA-2025:23546
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23546
27
reference_url https://access.redhat.com/errata/RHSA-2026:0627
reference_id RHSA-2026:0627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0627
28
reference_url https://access.redhat.com/errata/RHSA-2026:0718
reference_id RHSA-2026:0718
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0718
29
reference_url https://access.redhat.com/errata/RHSA-2026:1018
reference_id RHSA-2026:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1018
30
reference_url https://access.redhat.com/errata/RHSA-2026:1942
reference_id RHSA-2026:1942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1942
31
reference_url https://access.redhat.com/errata/RHSA-2026:4215
reference_id RHSA-2026:4215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4215
32
reference_url https://access.redhat.com/errata/RHSA-2026:6226
reference_id RHSA-2026:6226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6226
fixed_packages
aliases CVE-2025-58754, GHSA-4hjh-wcwx-xvwj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axy8-kmka-pugw
2
url VCID-ce2x-fyuu-tqhk
vulnerability_id VCID-ce2x-fyuu-tqhk
summary aap-gateway: Improper Path Validation in Gateway Allows Credential Exfiltration
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9909.json
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9909.json
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2392836
reference_id 2392836
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2392836
2
reference_url https://access.redhat.com/errata/RHSA-2025:21768
reference_id RHSA-2025:21768
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21768
3
reference_url https://access.redhat.com/errata/RHSA-2025:21775
reference_id RHSA-2025:21775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21775
4
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
5
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
fixed_packages
aliases CVE-2025-9909
risk_score 3.0
exploitability 0.5
weighted_severity 6.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ce2x-fyuu-tqhk
3
url VCID-cwjz-fga9-tubz
vulnerability_id VCID-cwjz-fga9-tubz
summary quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations. quic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. Versions 0.49.0, 0.54.1, and 0.55.0 discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59530.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59530.json
1
reference_url https://github.com/quic-go/quic-go
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quic-go/quic-go
2
reference_url https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685
3
reference_url https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c
4
reference_url https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42
5
reference_url https://github.com/quic-go/quic-go/pull/5354
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quic-go/quic-go/pull/5354
6
reference_url https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59530
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59530
8
reference_url https://pkg.go.dev/vuln/GO-2025-4017
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2025-4017
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403125
reference_id 2403125
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403125
10
reference_url https://access.redhat.com/errata/RHSA-2025:21706
reference_id RHSA-2025:21706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21706
11
reference_url https://access.redhat.com/errata/RHSA-2025:21768
reference_id RHSA-2025:21768
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21768
12
reference_url https://access.redhat.com/errata/RHSA-2025:21775
reference_id RHSA-2025:21775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21775
13
reference_url https://access.redhat.com/errata/RHSA-2025:21892
reference_id RHSA-2025:21892
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21892
14
reference_url https://access.redhat.com/errata/RHSA-2025:22784
reference_id RHSA-2025:22784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22784
15
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
16
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
fixed_packages
aliases CVE-2025-59530, GHSA-47m2-4cr7-mhcw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwjz-fga9-tubz
4
url VCID-kbwv-w739-eqes
vulnerability_id VCID-kbwv-w739-eqes
summary event-driven-ansible: Sensitive Internal Headers Disclosure in AAP EDA Event Streams
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9908.json
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9908.json
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2392835
reference_id 2392835
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2392835
2
reference_url https://access.redhat.com/errata/RHSA-2025:19201
reference_id RHSA-2025:19201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19201
3
reference_url https://access.redhat.com/errata/RHSA-2025:19221
reference_id RHSA-2025:19221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19221
4
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
5
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
fixed_packages
aliases CVE-2025-9908
risk_score 3.0
exploitability 0.5
weighted_severity 6.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kbwv-w739-eqes
5
url VCID-whgc-pt2s-77ar
vulnerability_id VCID-whgc-pt2s-77ar
summary 
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64459.json
1
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
2
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://docs.djangoproject.com/en/dev/releases/security/
3
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
4
reference_url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
5
reference_url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
6
reference_url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
7
reference_url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
8
reference_url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/omarkurt/django-connector-CVE-2025-64459-testbed
9
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/django-announce
10
reference_url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
11
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases
12
reference_url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
reference_id 1120139
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120139
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2412651
reference_id 2412651
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2412651
15
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
reference_id CVE-2025-64459
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52456.py
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
reference_id CVE-2025-64459
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64459
17
reference_url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
reference_id GHSA-frmv-pr5f-9mcr
reference_type
scores
url https://github.com/advisories/GHSA-frmv-pr5f-9mcr
18
reference_url https://access.redhat.com/errata/RHSA-2025:23069
reference_id RHSA-2025:23069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23069
19
reference_url https://access.redhat.com/errata/RHSA-2025:23070
reference_id RHSA-2025:23070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23070
20
reference_url https://access.redhat.com/errata/RHSA-2025:23130
reference_id RHSA-2025:23130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23130
21
reference_url https://access.redhat.com/errata/RHSA-2025:23131
reference_id RHSA-2025:23131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23131
22
reference_url https://access.redhat.com/errata/RHSA-2025:23133
reference_id RHSA-2025:23133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23133
23
reference_url https://access.redhat.com/errata/RHSA-2025:23196
reference_id RHSA-2025:23196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23196
24
reference_url https://access.redhat.com/errata/RHSA-2026:1596
reference_id RHSA-2026:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1596
fixed_packages
aliases BIT-django-2025-64459, CVE-2025-64459, GHSA-frmv-pr5f-9mcr, PYSEC-2025-108
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whgc-pt2s-77ar
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-django@4.2.26-1%3Farch=el9ap