Malicious Package

Overview playgroundroot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview keithowan is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

[SECURITY] [DLA 4301-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4301-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 15, 2025 https://wiki.debian.org/LTS -...

SQL Injection

Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of column aliases in FilteredRelation when crafted dictionaries are expanded as keyword arguments to QuerySet.annotate or QuerySet.alias, which allows an attacker to inject and execute arbitrary SQL...

OESA-2025-2236 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

OESA-2025-2235 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

Updated python-django packages fix security vulnerability

Potential SQL injection in FilteredRelation column aliases. CVE-2025-57833...

MGASA-2025-0229 Updated python-django packages fix security vulnerability

Potential SQL injection in FilteredRelation column aliases. CVE-2025-57833...

Django is subject to SQL injection through its column aliases

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

Linux Distros Unpatched Vulnerability : CVE-2025-57833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases,...

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

PYSEC-2025-105

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

Linux Distros Unpatched Vulnerability : CVE-2021-3272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels a...

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

CVE-2025-57833

CVE-2025-57833 affects Django 4.2 (pre-4.2.24), 5.1 (pre-5.1.12), and 5.2 (pre-5.2.6). The vulnerability arises in FilteredRelation where SQL injection can occur via column aliases when a crafted dictionary is expanded through **kwargs passed to QuerySet.annotate() or QuerySet.alias(). The issue ...

MAL-2025-41526 Malicious code in @twork-data-services/sme-agent-company-relation (npm)

--- -= Per source details. Do not edit below this line.=-...

CGA-28QH-26P4-9VPC

Bulletin has no description...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper enforcement of authorization policies in the Check and ListObject processes. Note: The users are affected under the following preconditions: - Check API or ListObjects are called with an authorizatio...