Search for packages
Package details: pkg:pypi/django@5.1.8
purl pkg:pypi/django@5.1.8
Next non-vulnerable version 5.1.10
Latest non-vulnerable version 5.2.2
Risk 3.4
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-6eh4-7hcj-duft
Aliases:
BIT-django-2025-32873
CVE-2025-32873
GHSA-8j24-cjrq-gr2m
PYSEC-2025-37
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
5.1.9
Affected by 1 other vulnerability.
5.2.1
Affected by 1 other vulnerability.
VCID-zdny-8vuh-9ycv
Aliases:
CVE-2025-48432
GHSA-7xr5-9hcq-chf9
PYSEC-2025-47
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
5.1.10
Affected by 0 other vulnerabilities.
5.2.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-dpmr-57g2-aqhv django: Django DoS Unicode Attack CVE-2025-27556
GHSA-wqfg-m96j-85vm
PYSEC-2025-14

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T19:34:33.974174+00:00 PyPI Importer Affected by VCID-6eh4-7hcj-duft https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 36.1.3
2025-06-20T17:21:13.881807+00:00 GitLab Importer Affected by VCID-6eh4-7hcj-duft https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-32873.yml 36.1.3
2025-06-08T23:53:14.193564+00:00 GitLab Importer Affected by VCID-6eh4-7hcj-duft https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-32873.yml 36.1.0
2025-06-05T14:51:44.559999+00:00 PyPI Importer Affected by VCID-zdny-8vuh-9ycv https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 36.1.0
2025-06-05T11:19:58.544157+00:00 Pypa Importer Affected by VCID-zdny-8vuh-9ycv https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2025-47.yaml 36.1.0
2025-05-08T09:02:04.908569+00:00 PyPI Importer Affected by VCID-6eh4-7hcj-duft https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 36.0.0
2025-05-08T09:00:57.547969+00:00 Pypa Importer Affected by VCID-6eh4-7hcj-duft https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2025-37.yaml 36.0.0
2025-05-02T21:35:32.268322+00:00 GitLab Importer Fixing VCID-dpmr-57g2-aqhv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2025-27556.yml 36.0.0
2025-04-09T21:48:01.965168+00:00 PyPI Importer Fixing VCID-dpmr-57g2-aqhv https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 36.0.0
2025-04-09T21:46:45.940336+00:00 Pypa Importer Fixing VCID-dpmr-57g2-aqhv https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2025-14.yaml 36.0.0
2025-04-04T11:31:03.187417+00:00 GithubOSV Importer Fixing VCID-dpmr-57g2-aqhv https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-wqfg-m96j-85vm/GHSA-wqfg-m96j-85vm.json 36.0.0
2025-04-03T16:37:04.107592+00:00 GHSA Importer Fixing VCID-dpmr-57g2-aqhv https://github.com/advisories/GHSA-wqfg-m96j-85vm 36.0.0