rpm package
opensuse/python-Django&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/python-Django&distro=openSUSE%20Leap%2016.0
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59682 | — | | | < 5.2.4-bp160.3.1 | 5.2.4-bp160.3.1 | Oct 1, 2025 | An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths s |
| CVE-2025-59681 | — | | | < 5.2.4-bp160.3.1 | 5.2.4-bp160.3.1 | Oct 1, 2025 | An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionar |