[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2015-0220":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":57,"downstream":58,"duplicates":71,"related":72,"reserved_at":9,"published_at":74,"modified_at":75,"state":76,"summary":77,"references_raw":85,"kevs":196,"epss":197,"epss_history":200,"metrics":455,"affected":469},"CVE-2015-0220","The django.utils.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespace, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a \"\\njavascript:\" URL.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_B77133F326FB9919","Exploit Reference 
(djangoproject.com)","reference","https://www.djangoproject.com/weblog/2015/jan/13/security/","unknown",0.2,false,[],[55,56],"GHSA-gv98-g628-m9x5","PYSEC-2015-5",[],[59,61,63,65,67,69],{"_key":60},"UBUNTU-CVE-2015-0220",{"_key":62},"USN-2469-1",{"_key":64},"DLA-143-1",{"_key":66},"DSA-3151-1",{"_key":68},"MGASA-2015-0026",{"_key":70},"DEBIAN-CVE-2015-0220",[],[73],{"_key":68},"2015-01-16T16:00:00.000Z","2024-08-06T04:03:10.421Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":78,"epss_score":79,"severity":80,"severity_score":81,"severity_version":82,"severity_source":83,"severity_vector":84,"severity_status":76},"low",0.02154,"medium",4.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:N/I:P/A:N",[86,95,102,107,112,116,121,127,131,135,139,143,147,151,155,159,163,168,172,176,180,184,188,192],{"url":87,"sources":88,"tags":91},"http://secunia.com/advisories/62718",[89,83,90],"cve.org","osv_pypi",[92,93,94],"Third Party Advisory","X Refsource SECUNIA","Advisory",{"url":96,"sources":97,"tags":98},"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html",[89,83,90],[99,100,101],"Vendor Advisory","X Refsource FEDORA","WEB",{"url":103,"sources":104,"tags":105},"http://ubuntu.com/usn/usn-2469-1",[89,83,90],[99,106,101],"X Refsource UBUNTU",{"url":108,"sources":109,"tags":110},"http://www.mandriva.com/security/advisories?name=MDVSA-2015:036",[89,83,90],[99,111,94],"X Refsource MANDRIVA",{"url":113,"sources":114,"tags":115},"http://secunia.com/advisories/62285",[89,83,90],[92,93,94],{"url":117,"sources":118,"tags":119},"http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html",[89,83,90],[99,120,101],"X Refsource SUSE",{"url":49,"sources":122,"tags":123},[89,83,90],[124,125,99,126],"X Refsource 
CONFIRM","Exploit","ARTICLE",{"url":128,"sources":129,"tags":130},"http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html",[89,83,90],[99,120,101],{"url":132,"sources":133,"tags":134},"http://secunia.com/advisories/62309",[89,83,90],[92,93,94],{"url":136,"sources":137,"tags":138},"http://www.mandriva.com/security/advisories?name=MDVSA-2015:109",[89,83,90],[99,111,94],{"url":140,"sources":141,"tags":142},"http://advisories.mageia.org/MGASA-2015-0026.html",[89,83,90],[124,94],{"url":144,"sources":145,"tags":146},"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html",[89,83,90],[99,100,101],{"url":148,"sources":149,"tags":150},"https://nvd.nist.gov/vuln/detail/CVE-2015-0220",[90],[94],{"url":152,"sources":153,"tags":154},"https://github.com/django/django/commit/4c241f1b710da6419d9dca160e80b23b82db7758",[90],[101],{"url":156,"sources":157,"tags":158},"https://github.com/django/django/commit/72e0b033662faa11bb7f516f18a132728aa0ae28",[90],[101],{"url":160,"sources":161,"tags":162},"https://github.com/django/django/commit/de67dedc771ad2edec15c1d00c083a1a084e1e89",[90],[101],{"url":164,"sources":165,"tags":166},"https://github.com/django/django",[90],[167],"PACKAGE",{"url":169,"sources":170,"tags":171},"https://github.com/django/django/blob/4555a823fd57e261e1b19c778429473256c8ea08/docs/releases/1.4.18.txt#L34-L46",[90],[101],{"url":173,"sources":174,"tags":175},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-5.yaml",[90],[101],{"url":177,"sources":178,"tags":179},"https://web.archive.org/web/20150128111656/http://secunia.com/advisories/62285",[90],[101],{"url":181,"sources":182,"tags":183},"https://web.archive.org/web/20150523054951/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:109/?name=MDVSA-2015:109",[90],[101],{"url":185,"sources":186,"tags":187},"https://web.archive.org/web/20150523054953/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:036/?name=
MDVSA-2015:036",[90],[101],{"url":189,"sources":190,"tags":191},"https://web.archive.org/web/20151104201446/http://secunia.com/advisories/62718",[90],[101],{"url":193,"sources":194,"tags":195},"https://www.djangoproject.com/weblog/2015/jan/13/security",[90],[101],[],{"date":198,"score":79,"percentile":199},"2026-06-04",0.84577,[201,205,208,211,214,217,220,223,225,228,231,234,237,240,243,246,249,252,254,257,260,262,265,267,269,272,275,278,281,284,286,289,293,296,299,301,304,307,310,313,316,318,320,323,326,329,332,334,336,339,342,345,348,351,354,357,360,363,366,369,372,375,377,380,383,385,388,391,393,396,398,400,403,405,408,411,414,417,420,423,426,429,432,435,438,441,444,447,450,452],{"date":202,"score":203,"percentile":204},"2025-11-04",0.02402,0.84519,{"date":206,"score":203,"percentile":207},"2025-11-05",0.84523,{"date":209,"score":203,"percentile":210},"2025-11-06",0.84526,{"date":212,"score":203,"percentile":213},"2025-11-07",0.84533,{"date":215,"score":203,"percentile":216},"2025-11-08",0.84538,{"date":218,"score":203,"percentile":219},"2025-11-09",0.84532,{"date":221,"score":203,"percentile":222},"2025-11-10",0.84528,{"date":224,"score":203,"percentile":213},"2025-11-11",{"date":226,"score":203,"percentile":227},"2025-11-12",0.84544,{"date":229,"score":203,"percentile":230},"2025-11-13",0.8455,{"date":232,"score":203,"percentile":233},"2025-11-14",0.84552,{"date":235,"score":203,"percentile":236},"2025-11-15",0.84545,{"date":238,"score":203,"percentile":239},"2025-11-16",0.84546,{"date":241,"score":203,"percentile":242},"2025-11-17",0.84535,{"date":244,"score":203,"percentile":245},"2025-11-18",0.83737,{"date":247,"score":203,"percentile":248},"2025-11-19",0.83739,{"date":250,"score":203,"percentile":251},"2025-11-20",0.83745,{"date":253,"score":203,"percentile":230},"2025-11-21",{"date":255,"score":203,"percentile":256},"2025-11-22",0.84547,{"date":258,"score":203,"percentile":259},"2025-11-23",0.84537,{"date":261,"score":203,"percentile":242},"2025-11-24",{"d
ate":263,"score":203,"percentile":264},"2025-11-25",0.84536,{"date":266,"score":203,"percentile":216},"2025-11-26",{"date":268,"score":203,"percentile":216},"2025-11-27",{"date":270,"score":203,"percentile":271},"2025-11-28",0.8452,{"date":273,"score":203,"percentile":274},"2025-11-29",0.84556,{"date":276,"score":203,"percentile":277},"2025-11-30",0.84557,{"date":279,"score":203,"percentile":280},"2025-12-01",0.84623,{"date":282,"score":203,"percentile":283},"2025-12-02",0.84627,{"date":285,"score":203,"percentile":283},"2025-12-03",{"date":287,"score":203,"percentile":288},"2025-12-04",0.84559,{"date":290,"score":291,"percentile":292},"2025-12-05",0.02549,0.85,{"date":294,"score":291,"percentile":295},"2025-12-06",0.84997,{"date":297,"score":291,"percentile":298},"2025-12-07",0.84987,{"date":300,"score":291,"percentile":298},"2025-12-08",{"date":302,"score":291,"percentile":303},"2025-12-09",0.84996,{"date":305,"score":291,"percentile":306},"2025-12-10",0.85017,{"date":308,"score":291,"percentile":309},"2025-12-11",0.85023,{"date":311,"score":291,"percentile":312},"2025-12-12",0.85028,{"date":314,"score":291,"percentile":315},"2025-12-13",0.85024,{"date":317,"score":291,"percentile":309},"2025-12-14",{"date":319,"score":291,"percentile":315},"2025-12-15",{"date":321,"score":291,"percentile":322},"2025-12-16",0.85032,{"date":324,"score":291,"percentile":325},"2025-12-17",0.85036,{"date":327,"score":291,"percentile":328},"2025-12-18",0.8504,{"date":330,"score":291,"percentile":331},"2025-12-19",0.85043,{"date":333,"score":291,"percentile":322},"2025-12-20",{"date":335,"score":291,"percentile":328},"2025-12-21",{"date":337,"score":291,"percentile":338},"2025-12-22",0.85041,{"date":340,"score":291,"percentile":341},"2025-12-23",0.85048,{"date":343,"score":291,"percentile":344},"2025-12-24",0.85053,{"date":346,"score":291,"percentile":347},"2025-12-25",0.85069,{"date":349,"score":291,"percentile":350},"2025-12-26",0.85071,{"date":352,"score":79,"percentile":353},"2025-1
2-27",0.83847,{"date":355,"score":291,"percentile":356},"2025-12-28",0.85061,{"date":358,"score":291,"percentile":359},"2025-12-29",0.85057,{"date":361,"score":291,"percentile":362},"2025-12-30",0.85064,{"date":364,"score":291,"percentile":365},"2025-12-31",0.85073,{"date":367,"score":291,"percentile":368},"2026-01-01",0.85138,{"date":370,"score":291,"percentile":371},"2026-01-02",0.85137,{"date":373,"score":291,"percentile":374},"2026-01-03",0.85134,{"date":376,"score":291,"percentile":362},"2026-01-04",{"date":378,"score":291,"percentile":379},"2026-01-05",0.85055,{"date":381,"score":291,"percentile":382},"2026-01-06",0.85062,{"date":384,"score":291,"percentile":356},"2026-01-07",{"date":386,"score":291,"percentile":387},"2026-01-08",0.8507,{"date":389,"score":291,"percentile":390},"2026-01-09",0.85074,{"date":392,"score":291,"percentile":387},"2026-01-10",{"date":394,"score":291,"percentile":395},"2026-01-11",0.85066,{"date":397,"score":291,"percentile":356},"2026-01-12",{"date":399,"score":291,"percentile":359},"2026-01-13",{"date":401,"score":291,"percentile":402},"2026-01-14",0.85076,{"date":404,"score":291,"percentile":390},"2026-01-15",{"date":406,"score":291,"percentile":407},"2026-01-16",0.8508,{"date":409,"score":291,"percentile":410},"2026-01-17",0.85087,{"date":412,"score":291,"percentile":413},"2026-01-18",0.85081,{"date":415,"score":291,"percentile":416},"2026-01-19",0.85075,{"date":418,"score":291,"percentile":419},"2026-01-20",0.85079,{"date":421,"score":291,"percentile":422},"2026-01-21",0.85085,{"date":424,"score":291,"percentile":425},"2026-01-22",0.8509,{"date":427,"score":291,"percentile":428},"2026-01-23",0.85101,{"date":430,"score":291,"percentile":431},"2026-01-24",0.85111,{"date":433,"score":291,"percentile":434},"2026-01-25",0.85107,{"date":436,"score":291,"percentile":437},"2026-01-26",0.85105,{"date":439,"score":291,"percentile":440},"2026-01-27",0.85109,{"date":442,"score":291,"percentile":443},"2026-01-28",0.85114,{"date":445,"score":2
91,"percentile":446},"2026-01-29",0.85116,{"date":448,"score":291,"percentile":449},"2026-01-30",0.85119,{"date":451,"score":291,"percentile":449},"2026-01-31",{"date":453,"score":291,"percentile":454},"2026-02-01",0.85189,[456,460],{"source":83,"cvss_v2_0":457,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":81,"baseSeverity":9,"vectorString":84,"impactScore":458,"exploitabilityScore":459},2.9,8.6,{"source":90,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":461,"cvss_v4_0":466},{"baseScore":462,"baseSeverity":9,"vectorString":463,"impactScore":464,"exploitabilityScore":465},6.1,"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",4.5,7.2,{"baseScore":467,"baseSeverity":9,"vectorString":468,"impactScore":9,"exploitabilityScore":9},5.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",[470,485,521],{"ecosystem":9,"name":471,"vendor":472,"product":473,"cpe_part":474,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":475},"ubuntu linux","canonical","ubuntu_linux","o",[476,479,481,483],{"version":477,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.04","cpe",{"version":480,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04",{"version":482,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":484,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.10",{"ecosystem":9,"name":486,"vendor":487,"product":486,"cpe_part":488,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":489},"django","djangoproject","a",[490,495,497,499,501,503,505,507,509,511,513,515,517,519],{"version":491,"is_range":492,"range_type":478,"version_start":9,"version_start_type":9,"version_end":493,"version_end_type":494,"fixed_in":9},"lte1.4.17",tr
ue,"1.4.17","including",{"version":496,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.6",{"version":498,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.6.1",{"version":500,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.6.2",{"version":502,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.6.3",{"version":504,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.6.4",{"version":506,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.6.5",{"version":508,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.6.6",{"version":510,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.6.7",{"version":512,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.6.8",{"version":514,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.6.9",{"version":516,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.7",{"version":518,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.7.1",{"version":520,"is_range":52,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.7.2",{"ecosystem":522,"name":486,"vendor":522,"product":486,"cpe_part":9,"purl_type":52
3,"purl_namespace":9,"purl_name":486,"source":9,"versions":524},"PyPI","pypi",[525,530,533],{"version":526,"is_range":492,"range_type":527,"version_start":9,"version_start_type":9,"version_end":528,"version_end_type":529,"fixed_in":9},"lt1_4_18","ecosystem","1.4.18","excluding",{"version":531,"is_range":492,"range_type":527,"version_start":496,"version_start_type":494,"version_end":532,"version_end_type":529,"fixed_in":9},"gte1_6_lt1_6_10","1.6.10",{"version":534,"is_range":492,"range_type":527,"version_start":516,"version_start_type":494,"version_end":535,"version_end_type":529,"fixed_in":9},"gte1_7_lt1_7_3","1.7.3"]