SQL Injection

🗓️ 24 Nov 2025 17:50:45Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 1 Views

Django is vulnerable to SQL injection due to improper sanitization of column aliases in QuerySet.annotate and related methods via crafted kwargs on MySQL and MariaDB.

Reporter	Title	Published	Views	Family All 94
FreeBSD	Django -- multiple vulnerabilities	1 Oct 202500:00	–	freebsd
AlpineLinux	CVE-2025-59681	1 Oct 202500:00	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в python-django	3 May 202623:59	–	astralinux
Chainguard	CVE-2025-59681 vulnerabilities	3 Oct 202513:45	–	cgr
Circl	CVE-2025-59681	1 Oct 202516:25	–	circl
CNNVD	Django SQL注入漏洞	1 Oct 202500:00	–	cnnvd
CVE	CVE-2025-59681	1 Oct 202500:00	–	cve
Cvelist	CVE-2025-59681	1 Oct 202500:00	–	cvelist
IBM Security Bulletins	Security Bulletin: IBM Edge Data Collector uses django-4.2.24-py3-none-any.whl which is vulnerable to CVE-2025-59681, CVE-2025-59682.	9 Dec 202514:05	–	ibm
IBM Security Bulletins	Security Bulletin: Allocation of resources without limits, heap-buffer-overread, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service	28 Oct 202516:41	–	ibm

Vulners

Node

django_project djangoRange4.2a1–4.2.24python

django_project djangoRange5.1a1–5.1.12python

django_project djangoRange5.2a1–5.2.6python

django_project djangoMatch4.2python

django_project djangoMatch4.2.1python

django_project djangoMatch4.2.10python

django_project djangoMatch4.2.11python

django_project djangoMatch4.2.12python

django_project djangoMatch4.2.13python

django_project djangoMatch4.2.14python

django_project djangoMatch4.2.15python

django_project djangoMatch4.2.16python

django_project djangoMatch4.2.17python

django_project djangoMatch4.2.18python

django_project djangoMatch4.2.19python

django_project djangoMatch4.2.2python

django_project djangoMatch4.2.20python

django_project djangoMatch4.2.21python

django_project djangoMatch4.2.22python

django_project djangoMatch4.2.23python

django_project djangoMatch4.2.3python

django_project djangoMatch4.2.4python

django_project djangoMatch4.2.5python

django_project djangoMatch4.2.6python

django_project djangoMatch4.2.7python

django_project djangoMatch4.2.8python

django_project djangoMatch4.2.9python

django_project djangoMatch5.1python

django_project djangoMatch5.1.1python

django_project djangoMatch5.1.10python

django_project djangoMatch5.1.11python

django_project djangoMatch5.1.2python

django_project djangoMatch5.1.3python

django_project djangoMatch5.1.4python

django_project djangoMatch5.1.5python

django_project djangoMatch5.1.6python

django_project djangoMatch5.1.7python

django_project djangoMatch5.1.8python

django_project djangoMatch5.1.9python

django_project djangoMatch5.2python

django_project djangoMatch5.2.1python

django_project djangoMatch5.2.2python

django_project djangoMatch5.2.3python

django_project djangoMatch5.2.4python

django_project djangoMatch5.2.5python

django_project djangoRange4.2–4.2.24python

django_project djangoRange5.1–5.1.12python

django_project djangoRange5.2–5.2.6python

Source	Link
openwall	www.openwall.com/lists/oss-security/2025/10/01/3
github	www.github.com/django/django/commit/43d84aef04a9e71164c21a74885996981857e66e
groups	www.groups.google.com/g/django-announce
docs	www.docs.djangoproject.com/en/dev/releases/security
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-59681
github	www.github.com/django/django/commit/41b43c74bda19753c757036673ea9db74acf494a
djangoproject	www.djangoproject.com/weblog/2025/oct/01/security-releases
github	www.github.com/django/django

30 May 2026 07:42Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.1 - 9.8

EPSS0.00014

SSVC