Search for packages
Package details: pkg:pypi/django@4.2.20
purl pkg:pypi/django@4.2.20
Next non-vulnerable version 4.2.22
Latest non-vulnerable version 5.2.2
Risk 3.4
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-6eh4-7hcj-duft
Aliases:
BIT-django-2025-32873
CVE-2025-32873
GHSA-8j24-cjrq-gr2m
PYSEC-2025-37
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
4.2.21
Affected by 1 other vulnerability.
5.1.9
Affected by 1 other vulnerability.
5.2.1
Affected by 1 other vulnerability.
VCID-zdny-8vuh-9ycv
Aliases:
CVE-2025-48432
GHSA-7xr5-9hcq-chf9
PYSEC-2025-47
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
4.2.22
Affected by 0 other vulnerabilities.
5.1.10
Affected by 0 other vulnerabilities.
5.2.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-4c4n-p117-sqcv django: Potential denial-of-service vulnerability in django.utils.text.wrap() BIT-django-2025-26699
CVE-2025-26699
GHSA-p3fp-8748-vqfq
PYSEC-2025-13

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T19:34:33.956748+00:00 PyPI Importer Affected by VCID-6eh4-7hcj-duft https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 36.1.3
2025-06-20T17:21:13.853242+00:00 GitLab Importer Affected by VCID-6eh4-7hcj-duft https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-32873.yml 36.1.3
2025-06-08T23:53:14.167821+00:00 GitLab Importer Affected by VCID-6eh4-7hcj-duft https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-32873.yml 36.1.0
2025-06-05T14:51:44.537145+00:00 PyPI Importer Affected by VCID-zdny-8vuh-9ycv https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 36.1.0
2025-06-05T11:19:58.526128+00:00 Pypa Importer Affected by VCID-zdny-8vuh-9ycv https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2025-47.yaml 36.1.0
2025-05-08T09:02:04.863564+00:00 PyPI Importer Affected by VCID-6eh4-7hcj-duft https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 36.0.0
2025-05-08T09:00:57.499143+00:00 Pypa Importer Affected by VCID-6eh4-7hcj-duft https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2025-37.yaml 36.0.0
2025-04-09T21:48:00.693584+00:00 PyPI Importer Fixing VCID-4c4n-p117-sqcv https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 36.0.0
2025-04-09T21:46:44.528010+00:00 Pypa Importer Fixing VCID-4c4n-p117-sqcv https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2025-13.yaml 36.0.0
2025-04-05T17:42:36.568846+00:00 GitLab Importer Fixing VCID-4c4n-p117-sqcv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-26699.yml 36.0.0
2025-04-04T11:31:47.586080+00:00 GithubOSV Importer Fixing VCID-4c4n-p117-sqcv https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-p3fp-8748-vqfq/GHSA-p3fp-8748-vqfq.json 36.0.0
2025-03-28T20:13:11.668034+00:00 GHSA Importer Fixing VCID-4c4n-p117-sqcv https://github.com/advisories/GHSA-p3fp-8748-vqfq 36.0.0