Fedora: Security Advisory (FEDORA-2025-24dfd3b072)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-b1379d950d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2025-59682

Malicious code in fauzi-klipo22-sluey npm...

python311-Django-5.2.7-1.1 on GA media (moderate)

python311-Django-5.2.7-1.1 on GA media Announcement ID: openSUSE-SU-2025:15598-1 Rating: moderate Cross-References: CVE-2025-59681 CVE-2025-59682 CVSS scores: CVE-2025-59681 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-59681 SUSE : 9.3...

python311-Django4-4.2.25-1.1 on GA media (moderate)

python311-Django4-4.2.25-1.1 on GA media Announcement ID: openSUSE-SU-2025:15596-1 Rating: moderate Cross-References: CVE-2025-59681 CVE-2025-59682 CVSS scores: CVE-2025-59681 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-59681 SUSE : 9.3...

FreeBSD : Django -- multiple vulnerabilities (90fc859e-9fe4-11f0-9fa2-080027836e8b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 90fc859e-9fe4-11f0-9fa2-080027836e8b advisory. Django reports: CVE-2025-59681: Potential SQL injection in QuerySet.annotate, alias, aggregate...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-59682 via django (>=4.2.0 <=4.2.24)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-59682 Source advisory: OSV:GHSA-Q95W-C7QG-HRFF...

aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1436 more potentially affected by CVE-2025-59682 via django (>=5.2.0 <=5.2.6)

django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-59682 Source advisory: SNYK:PYTHON-DJANGO-13179425...

chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-59682 via django (>=5.1.0 <=5.1.12)

django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-59682 Source advisory: SNYK:PYTHON-DJANGO-13179425...

chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-59682 via django (>=5.1.0 <=5.1.12)

django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-59682 Source advisory: OSV:GHSA-Q95W-C7QG-HRFF...

CVE-2025-59682

creationtimestamp| type| source ---|---|--- 2025-10-01 16:25:21+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m25hccwtnd2k 2025-10-04 20:51:40+00:00| seen| https://bsky.app/profile/getpokemon7.bsky.social/post/3m2fhlce4y22i 2025-12-16 13:56:42+00:00| seen|...

CVE-2025-59682

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...

CVE-2025-59682

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...