17 matches found
EUVD-2025-28218
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-48383
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and...
Information Leakage
djangoselect2 is vulnerable to information leakage. The vulnerability is due to improper handling of instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget, allowing an attacker to access restricted query sets and sensitive data...
Transmission of Private Resources into a New Sphere ('Resource Leak')
Overview: django-select2 is a Django integration of Select2. Affected versions of this package are vulnerable to Transmission of Private Resources into a New Sphere ('Resource Leak') via a HeavySelect2Mixin class in forms.py. An attacker can access restricted data by exploiting the reuse of widget...
aldryn-django-cms (=3.5.3.2), aleksis (>=1.0.0a4.dev0 <=2023.1.0.dev0) +43 more potentially affected by CVE-2025-48383 via django-select2 (>=4.3.2 <=8.2.4)
django-select2 PYPI version =4.3.2, =1.0.0a4.dev0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =0.1.0, =2.0.0, =2.0.0, =2.0.0, =0.1.1, =2.0.0, =2.2.0 and more Source cves: CVE-2025-48383 Source advisory: OSV:GHSA-WJRH-HJ83-3WH7...
Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Impact: Instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted querysets and restricted data. Patches: The problem has been patched in version 8.4.1 and all following...
byro (=2023.1.0), django-ndr-core (>=0.8.0 <=0.42.0) +4 more potentially affected by CVE-2025-48383 via django-select2 (>=8.0.0 <=8.2.1)
django-select2 PYPI version =8.0.0, =0.8.0, =4.0.2, =0.1.4.12, =0.1.2.5, =0.1.2.15 - nobinobi-kitchen =0.1.1 Source cves: CVE-2025-48383 Source advisory: SNYK:PYTHON-DJANGOSELECT2-10255155...
GHSA-WJRH-HJ83-3WH7 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Impact: Instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted querysets and restricted data. Patches: The problem has been patched in version 8.4.1 and all following...
DEBIAN-CVE-2025-48383
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
CVE-2025-48383
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
UBUNTU-CVE-2025-48383
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
CVE-2025-48383
The CVE-2025-48383 issue affects Django-Select2: HeavySelect2Mixin subclasses (notably ModelSelect2MultipleWidget and ModelSelect2Widget) can leak secret access tokens across requests, enabling access to restricted query sets/data. The vulnerability is mitigated in version 8.4.1 and later. No exp...
CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
CVE-2025-48383
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
django-select2 security vulnerability
django-select2 is a Django integration for Select2 by individual developer Johannes Maron. A security vulnerability exists in django-select2 versions prior to 8.4.1 that stems from the HeavySelect2Mixin subclass that may disclose access tokens...
PT-2025-23006 · Unknown · Django-Select2
Name of the Vulnerable Software and Affected Versions: Django-Select2 versions prior to 8.4.1. Description: The issue affects instances of HeavySelect2Mixin subclasses, such as the ModelSelect2MultipleWidget and ModelSelect2Widget, allowing secret access tokens to leak across requests. This can...