VYPR

rpm package

opensuse/python-Django&distro=openSUSE Leap 16.0

pkg:rpm/opensuse/python-Django&distro=openSUSE%20Leap%2016.0

Vulnerabilities (22)

  • CVE-2025-59682 (Oct 1, 2025)
    affected < 5.2.4-bp160.3.1; fixed 5.2.4-bp160.3.1

    An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths s

  • CVE-2025-59681 (Oct 1, 2025)
    affected < 5.2.4-bp160.3.1; fixed 5.2.4-bp160.3.1

    An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionar

Page 2 of 2