Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-m4am-h2ea-3ffr
Summary
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.
ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially loading large files into memory and causing service degradation.
 
As a reminder, Django expects a limit to be configured at the web server level rather than solely relying on `FILE_UPLOAD_MAX_MEMORY_SIZE`.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Kyle Agronick for reporting this issue.
Aliases
0
alias CVE-2026-5766
1
alias PYSEC-2026-54
Fixed_packages
0
url pkg:pypi/django@5.2.14
purl pkg:pypi/django@5.2.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.14
1
url pkg:pypi/django@6.0.5
purl pkg:pypi/django@6.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.5
Affected_packages
0
url pkg:pypi/django@5.2
purl pkg:pypi/django@5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-7upw-5p86-8bfr
4
vulnerability VCID-9kvc-1bdz-n3bd
5
vulnerability VCID-abpe-htm1-9ubp
6
vulnerability VCID-bb8b-hq41-s7a6
7
vulnerability VCID-eqsc-axng-ckca
8
vulnerability VCID-fcg9-xypn-ykhf
9
vulnerability VCID-ga69-9y5g-77c3
10
vulnerability VCID-ga7z-wj4j-63h1
11
vulnerability VCID-jybd-p65h-xffy
12
vulnerability VCID-kxdd-yzp3-r7cb
13
vulnerability VCID-m4am-h2ea-3ffr
14
vulnerability VCID-n2v7-jqjy-37bc
15
vulnerability VCID-phkp-9abp-f3dq
16
vulnerability VCID-r1vx-vv7d-gqaj
17
vulnerability VCID-shch-yusm-1uck
18
vulnerability VCID-shjc-2j68-2yfy
19
vulnerability VCID-tktt-vg92-6kae
20
vulnerability VCID-tuqc-c251-h7ds
21
vulnerability VCID-w777-44ns-cybg
22
vulnerability VCID-wa3g-27sx-mbcw
23
vulnerability VCID-whgc-pt2s-77ar
24
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2
1
url pkg:pypi/django@5.2.1
purl pkg:pypi/django@5.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-bb8b-hq41-s7a6
5
vulnerability VCID-eqsc-axng-ckca
6
vulnerability VCID-fcg9-xypn-ykhf
7
vulnerability VCID-ga69-9y5g-77c3
8
vulnerability VCID-ga7z-wj4j-63h1
9
vulnerability VCID-jybd-p65h-xffy
10
vulnerability VCID-kxdd-yzp3-r7cb
11
vulnerability VCID-m4am-h2ea-3ffr
12
vulnerability VCID-phkp-9abp-f3dq
13
vulnerability VCID-r1vx-vv7d-gqaj
14
vulnerability VCID-shch-yusm-1uck
15
vulnerability VCID-shjc-2j68-2yfy
16
vulnerability VCID-tktt-vg92-6kae
17
vulnerability VCID-tuqc-c251-h7ds
18
vulnerability VCID-wa3g-27sx-mbcw
19
vulnerability VCID-whgc-pt2s-77ar
20
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.1
2
url pkg:pypi/django@5.2.2
purl pkg:pypi/django@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.2
3
url pkg:pypi/django@5.2.3
purl pkg:pypi/django@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.3
4
url pkg:pypi/django@5.2.4
purl pkg:pypi/django@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.4
5
url pkg:pypi/django@5.2.5
purl pkg:pypi/django@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
19
vulnerability VCID-ynt9-h6ww-h7e9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.5
6
url pkg:pypi/django@5.2.6
purl pkg:pypi/django@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-5xtt-au84-zbb2
2
vulnerability VCID-7c5n-nzwk-v7bz
3
vulnerability VCID-abpe-htm1-9ubp
4
vulnerability VCID-eqsc-axng-ckca
5
vulnerability VCID-fcg9-xypn-ykhf
6
vulnerability VCID-ga69-9y5g-77c3
7
vulnerability VCID-ga7z-wj4j-63h1
8
vulnerability VCID-jybd-p65h-xffy
9
vulnerability VCID-kxdd-yzp3-r7cb
10
vulnerability VCID-m4am-h2ea-3ffr
11
vulnerability VCID-phkp-9abp-f3dq
12
vulnerability VCID-r1vx-vv7d-gqaj
13
vulnerability VCID-shch-yusm-1uck
14
vulnerability VCID-shjc-2j68-2yfy
15
vulnerability VCID-tktt-vg92-6kae
16
vulnerability VCID-tuqc-c251-h7ds
17
vulnerability VCID-wa3g-27sx-mbcw
18
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.6
7
url pkg:pypi/django@5.2.7
purl pkg:pypi/django@5.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga69-9y5g-77c3
6
vulnerability VCID-ga7z-wj4j-63h1
7
vulnerability VCID-jybd-p65h-xffy
8
vulnerability VCID-kxdd-yzp3-r7cb
9
vulnerability VCID-m4am-h2ea-3ffr
10
vulnerability VCID-phkp-9abp-f3dq
11
vulnerability VCID-r1vx-vv7d-gqaj
12
vulnerability VCID-shch-yusm-1uck
13
vulnerability VCID-shjc-2j68-2yfy
14
vulnerability VCID-tktt-vg92-6kae
15
vulnerability VCID-tuqc-c251-h7ds
16
vulnerability VCID-wa3g-27sx-mbcw
17
vulnerability VCID-whgc-pt2s-77ar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.7
8
url pkg:pypi/django@5.2.8
purl pkg:pypi/django@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7c5n-nzwk-v7bz
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-fcg9-xypn-ykhf
5
vulnerability VCID-ga7z-wj4j-63h1
6
vulnerability VCID-jybd-p65h-xffy
7
vulnerability VCID-kxdd-yzp3-r7cb
8
vulnerability VCID-m4am-h2ea-3ffr
9
vulnerability VCID-phkp-9abp-f3dq
10
vulnerability VCID-r1vx-vv7d-gqaj
11
vulnerability VCID-shch-yusm-1uck
12
vulnerability VCID-shjc-2j68-2yfy
13
vulnerability VCID-tktt-vg92-6kae
14
vulnerability VCID-tuqc-c251-h7ds
15
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.8
9
url pkg:pypi/django@5.2.9
purl pkg:pypi/django@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.9
10
url pkg:pypi/django@5.2.10
purl pkg:pypi/django@5.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.10
11
url pkg:pypi/django@5.2.11
purl pkg:pypi/django@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.11
12
url pkg:pypi/django@5.2.12
purl pkg:pypi/django@5.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.12
13
url pkg:pypi/django@5.2.13
purl pkg:pypi/django@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@5.2.13
14
url pkg:pypi/django@6.0
purl pkg:pypi/django@6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-7upw-5p86-8bfr
2
vulnerability VCID-abpe-htm1-9ubp
3
vulnerability VCID-eqsc-axng-ckca
4
vulnerability VCID-ga7z-wj4j-63h1
5
vulnerability VCID-jybd-p65h-xffy
6
vulnerability VCID-kxdd-yzp3-r7cb
7
vulnerability VCID-m4am-h2ea-3ffr
8
vulnerability VCID-phkp-9abp-f3dq
9
vulnerability VCID-r1vx-vv7d-gqaj
10
vulnerability VCID-shch-yusm-1uck
11
vulnerability VCID-shjc-2j68-2yfy
12
vulnerability VCID-tktt-vg92-6kae
13
vulnerability VCID-tuqc-c251-h7ds
14
vulnerability VCID-w777-44ns-cybg
15
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0
15
url pkg:pypi/django@6.0.1
purl pkg:pypi/django@6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kcg-gx5y-cuaw
1
vulnerability VCID-abpe-htm1-9ubp
2
vulnerability VCID-eqsc-axng-ckca
3
vulnerability VCID-ga7z-wj4j-63h1
4
vulnerability VCID-jybd-p65h-xffy
5
vulnerability VCID-kxdd-yzp3-r7cb
6
vulnerability VCID-m4am-h2ea-3ffr
7
vulnerability VCID-phkp-9abp-f3dq
8
vulnerability VCID-r1vx-vv7d-gqaj
9
vulnerability VCID-shch-yusm-1uck
10
vulnerability VCID-shjc-2j68-2yfy
11
vulnerability VCID-tktt-vg92-6kae
12
vulnerability VCID-tuqc-c251-h7ds
13
vulnerability VCID-wa3g-27sx-mbcw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.1
16
url pkg:pypi/django@6.0.2
purl pkg:pypi/django@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.2
17
url pkg:pypi/django@6.0.3
purl pkg:pypi/django@6.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-ga7z-wj4j-63h1
3
vulnerability VCID-kxdd-yzp3-r7cb
4
vulnerability VCID-m4am-h2ea-3ffr
5
vulnerability VCID-phkp-9abp-f3dq
6
vulnerability VCID-tktt-vg92-6kae
7
vulnerability VCID-tuqc-c251-h7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.3
18
url pkg:pypi/django@6.0.4
purl pkg:pypi/django@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abpe-htm1-9ubp
1
vulnerability VCID-eqsc-axng-ckca
2
vulnerability VCID-m4am-h2ea-3ffr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@6.0.4
References
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://groups.google.com/g/django-announce
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
url https://groups.google.com/g/django-announce
2
reference_url https://www.djangoproject.com/weblog/2026/may/05/security-releases/
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
url https://www.djangoproject.com/weblog/2026/may/05/security-releases/
Weaknesses
Exploits
Severity_range_score6.3 - 6.3
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-m4am-h2ea-3ffr