4 matches found
EUVD-2025-28218
Malicious code in bioql PyPI...
Transmission of Private Resources into a New Sphere ('Resource Leak')
Overview: django-select2 is a Django integration of Select2. Affected versions of this package are vulnerable to Transmission of Private Resources into a New Sphere ('Resource Leak') via the HeavySelect2Mixin class in forms.py. An attacker can access restricted data by exploiting the reuse of widget...
CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
PT-2025-23006 · Unknown · Django-Select2
Name of the Vulnerable Software and Affected Versions: Django-Select2 versions prior to 8.4.1
Description: The issue affects instances of HeavySelect2Mixin subclasses, such as the ModelSelect2MultipleWidget and ModelSelect2Widget, allowing secret access tokens to leak across requests. This can...