[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-2512":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":78,"related":79,"reserved_at":9,"published_at":85,"modified_at":86,"state":87,"summary":88,"references_raw":97,"kevs":197,"epss":198,"epss_history":201,"metrics":465,"affected":481},"CVE-2016-2512","The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\\@attacker.com.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46,47],"GHSA-pw27-w7w4-9qc7","PYSEC-2016-15",[],[50,52,54,56,58,60,62,64,66,68,70,72,74,76],{"_key":51},"RHSA-2016:0502",{"_key":53},"RHSA-2016:0503",{"_key":55},"RHSA-2016:0504",{"_key":57},"RHSA-2016:0505",{"_key":59},"RHSA-2016:0506",{"_key":61},"SUSE-SU-2018:1102-1",{"_key":63},"SUSE-SU-2018:1828-1",{"_key":65},"SUSE-SU-2018:1830-1",{"_key":67},"UBUNTU-CVE-2016-2512",{"_key":69},"USN-2915-1",{"_key":71},"OPENSUSE-SU-2024:10361-1",{"_key":73},"DSA-3544-1",{"_key":75},"MGASA-2016-0096",{"_key":77},"DEBIAN-CVE-2016-2512",[],[80,81,82,83,84],{"_key":61},{"_key":63},{"_key":65},{"_key":71},{"_key":75},"2016-04-08T15:00:00.000Z","2024-08-05T23:32:20.686Z","Modified",{"cisa_kev":89,"cisa_ransomware":89,"cisa_vendor":9,"epss_severity":90,"epss_score":91,"severity":92,"severity_score":93,"severity_version":94,"severity_source":95,"severity_vector":96,"severity_status":87},false,"low",0.01203,"high",7.4,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",[98,108,114,119,123,128,132,137,142,146,150,154,159,164,168,172,176,181,185,189,193],{"url":99,"sources":100,"tags":103},"http://rhn.redhat.com/errata/RHSA-2016-0506.html",[101,95,102],"cve.org","osv_pypi",[104,105,106,107],"Vendor Advisory","X Refsource REDHAT","WEB","Advisory",{"url":109,"sources":110,"tags":111},"http://www.securitytracker.com/id/1035152",[101,95,102],[112,113,106],"VDB Entry","X Refsource SECTRACK",{"url":115,"sources":116,"tags":117},"http://www.securityfocus.com/bid/83879",[101,95,102],[112,118,106],"X Refsource BID",{"url":120,"sources":121,"tags":122},"http://rhn.redhat.com/errata/RHSA-2016-0504.html",[101,95,102],[104,105,106,107],{"url":124,"sources":125,"tags":126},"http://www.debian.org/security/2016/dsa-3544",[101,95,102],[104,127,106,107],"X Refsource DEBIAN",{"url":129,"sources":130,"tags":131},"http://rhn.redhat.com/errata/RHSA-2016-0502.html",[101,95,102],[104,105,106,107],{"url":133,"sources":134,"tags":135},"http://www.ubuntu.com/usn/USN-2915-3",[101,95,102],[104,136,106,107],"X Refsource UBUNTU",{"url":138,"sources":139,"tags":140},"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",[101,95,102],[141,106],"X Refsource CONFIRM",{"url":143,"sources":144,"tags":145},"http://www.ubuntu.com/usn/USN-2915-2",[101,95,102],[104,136,106,107],{"url":147,"sources":148,"tags":149},"http://rhn.redhat.com/errata/RHSA-2016-0505.html",[101,95,102],[104,105,106,107],{"url":151,"sources":152,"tags":153},"http://www.ubuntu.com/usn/USN-2915-1",[101,95,102],[104,136,106,107],{"url":155,"sources":156,"tags":157},"https://www.djangoproject.com/weblog/2016/mar/01/security-releases/",[101,95,102],[141,104,158],"ARTICLE",{"url":160,"sources":161,"tags":162},"https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0",[101,95,102],[141,106,163],"FIX",{"url":165,"sources":166,"tags":167},"https://nvd.nist.gov/vuln/detail/CVE-2016-2512",[102],[107],{"url":169,"sources":170,"tags":171},"https://github.com/django/django/commit/382ab137312961ad62feb8109d70a5a581fe8350",[102],[106],{"url":173,"sources":174,"tags":175},"https://github.com/django/django/commit/fc6d147a63f89795dbcdecb0559256470fff4380",[102],[106],{"url":177,"sources":178,"tags":179},"https://github.com/django/django",[102],[180],"PACKAGE",{"url":182,"sources":183,"tags":184},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-15.yaml",[102],[106],{"url":186,"sources":187,"tags":188},"https://web.archive.org/web/20210123090815/http://www.securityfocus.com/bid/83879",[102],[106],{"url":190,"sources":191,"tags":192},"https://web.archive.org/web/20210413200202/http://www.securitytracker.com/id/1035152",[102],[106],{"url":194,"sources":195,"tags":196},"https://www.djangoproject.com/weblog/2016/mar/01/security-releases",[102],[106],[],{"date":199,"score":91,"percentile":200},"2026-06-04",0.79267,[202,206,209,212,215,218,221,224,227,230,233,236,239,242,245,248,251,254,257,260,263,265,267,269,271,274,277,280,283,286,289,292,294,297,299,302,305,308,311,314,317,321,324,327,330,333,336,339,342,345,348,351,354,356,359,362,365,368,370,373,376,379,382,385,388,391,394,397,400,403,407,410,413,416,419,422,425,428,431,433,436,439,442,445,448,451,454,457,460,462],{"date":203,"score":204,"percentile":205},"2025-11-04",0.00458,0.63178,{"date":207,"score":204,"percentile":208},"2025-11-05",0.6316,{"date":210,"score":204,"percentile":211},"2025-11-06",0.63169,{"date":213,"score":204,"percentile":214},"2025-11-07",0.63186,{"date":216,"score":204,"percentile":217},"2025-11-08",0.63189,{"date":219,"score":204,"percentile":220},"2025-11-09",0.63182,{"date":222,"score":204,"percentile":223},"2025-11-10",0.63164,{"date":225,"score":204,"percentile":226},"2025-11-11",0.63177,{"date":228,"score":204,"percentile":229},"2025-11-12",0.63198,{"date":231,"score":204,"percentile":232},"2025-11-13",0.63203,{"date":234,"score":204,"percentile":235},"2025-11-14",0.63214,{"date":237,"score":204,"percentile":238},"2025-11-15",0.63206,{"date":240,"score":204,"percentile":241},"2025-11-16",0.63196,{"date":243,"score":204,"percentile":244},"2025-11-17",0.63195,{"date":246,"score":204,"percentile":247},"2025-11-18",0.61339,{"date":249,"score":204,"percentile":250},"2025-11-19",0.61353,{"date":252,"score":204,"percentile":253},"2025-11-20",0.61342,{"date":255,"score":204,"percentile":256},"2025-11-21",0.63207,{"date":258,"score":204,"percentile":259},"2025-11-22",0.63213,{"date":261,"score":204,"percentile":262},"2025-11-23",0.63193,{"date":264,"score":204,"percentile":214},"2025-11-24",{"date":266,"score":204,"percentile":217},"2025-11-25",{"date":268,"score":204,"percentile":262},"2025-11-26",{"date":270,"score":204,"percentile":229},"2025-11-27",{"date":272,"score":204,"percentile":273},"2025-11-28",0.63179,{"date":275,"score":204,"percentile":276},"2025-11-29",0.63151,{"date":278,"score":204,"percentile":279},"2025-11-30",0.63141,{"date":281,"score":204,"percentile":282},"2025-12-01",0.63312,{"date":284,"score":204,"percentile":285},"2025-12-02",0.63329,{"date":287,"score":204,"percentile":288},"2025-12-03",0.63332,{"date":290,"score":204,"percentile":291},"2025-12-04",0.63156,{"date":293,"score":204,"percentile":211},"2025-12-05",{"date":295,"score":204,"percentile":296},"2025-12-06",0.63168,{"date":298,"score":204,"percentile":208},"2025-12-07",{"date":300,"score":204,"percentile":301},"2025-12-08",0.63167,{"date":303,"score":204,"percentile":304},"2025-12-09",0.63201,{"date":306,"score":204,"percentile":307},"2025-12-10",0.63243,{"date":309,"score":204,"percentile":310},"2025-12-11",0.63258,{"date":312,"score":204,"percentile":313},"2025-12-12",0.6328,{"date":315,"score":204,"percentile":316},"2025-12-13",0.63287,{"date":318,"score":319,"percentile":320},"2025-12-14",0.00541,0.66869,{"date":322,"score":319,"percentile":323},"2025-12-15",0.66868,{"date":325,"score":319,"percentile":326},"2025-12-16",0.66881,{"date":328,"score":319,"percentile":329},"2025-12-17",0.66895,{"date":331,"score":319,"percentile":332},"2025-12-18",0.66932,{"date":334,"score":319,"percentile":335},"2025-12-19",0.66952,{"date":337,"score":319,"percentile":338},"2025-12-20",0.6695,{"date":340,"score":319,"percentile":341},"2025-12-21",0.66939,{"date":343,"score":319,"percentile":344},"2025-12-22",0.66969,{"date":346,"score":319,"percentile":347},"2025-12-23",0.66963,{"date":349,"score":319,"percentile":350},"2025-12-24",0.66971,{"date":352,"score":319,"percentile":353},"2025-12-25",0.67003,{"date":355,"score":319,"percentile":353},"2025-12-26",{"date":357,"score":319,"percentile":358},"2025-12-27",0.67059,{"date":360,"score":319,"percentile":361},"2025-12-28",0.66976,{"date":363,"score":319,"percentile":364},"2025-12-29",0.66968,{"date":366,"score":319,"percentile":367},"2025-12-30",0.66983,{"date":369,"score":319,"percentile":353},"2025-12-31",{"date":371,"score":319,"percentile":372},"2026-01-01",0.67182,{"date":374,"score":319,"percentile":375},"2026-01-02",0.67168,{"date":377,"score":319,"percentile":378},"2026-01-03",0.67169,{"date":380,"score":319,"percentile":381},"2026-01-04",0.67,{"date":383,"score":319,"percentile":384},"2026-01-05",0.66988,{"date":386,"score":319,"percentile":387},"2026-01-06",0.66999,{"date":389,"score":319,"percentile":390},"2026-01-07",0.67018,{"date":392,"score":319,"percentile":393},"2026-01-08",0.67031,{"date":395,"score":319,"percentile":396},"2026-01-09",0.67042,{"date":398,"score":319,"percentile":399},"2026-01-10",0.67044,{"date":401,"score":319,"percentile":402},"2026-01-11",0.67032,{"date":404,"score":405,"percentile":406},"2026-01-12",0.01245,0.78828,{"date":408,"score":405,"percentile":409},"2026-01-13",0.78824,{"date":411,"score":405,"percentile":412},"2026-01-14",0.78844,{"date":414,"score":405,"percentile":415},"2026-01-15",0.78846,{"date":417,"score":405,"percentile":418},"2026-01-16",0.78851,{"date":420,"score":405,"percentile":421},"2026-01-17",0.78859,{"date":423,"score":91,"percentile":424},"2026-01-18",0.78517,{"date":426,"score":91,"percentile":427},"2026-01-19",0.78515,{"date":429,"score":91,"percentile":430},"2026-01-20",0.78509,{"date":432,"score":91,"percentile":427},"2026-01-21",{"date":434,"score":91,"percentile":435},"2026-01-22",0.78521,{"date":437,"score":91,"percentile":438},"2026-01-23",0.78549,{"date":440,"score":91,"percentile":441},"2026-01-24",0.7856,{"date":443,"score":91,"percentile":444},"2026-01-25",0.78555,{"date":446,"score":91,"percentile":447},"2026-01-26",0.78548,{"date":449,"score":91,"percentile":450},"2026-01-27",0.78546,{"date":452,"score":91,"percentile":453},"2026-01-28",0.78552,{"date":455,"score":91,"percentile":456},"2026-01-29",0.78547,{"date":458,"score":91,"percentile":459},"2026-01-30",0.78551,{"date":461,"score":91,"percentile":444},"2026-01-31",{"date":463,"score":91,"percentile":464},"2026-02-01",0.78657,[466,476],{"source":95,"cvss_v2_0":467,"cvss_v3_0":472,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":468,"baseSeverity":9,"vectorString":469,"impactScore":470,"exploitabilityScore":471},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":93,"baseSeverity":473,"vectorString":96,"impactScore":474,"exploitabilityScore":475},"HIGH",6.7,7.2,{"source":102,"cvss_v2_0":9,"cvss_v3_0":477,"cvss_v3_1":9,"cvss_v4_0":478},{"baseScore":93,"baseSeverity":9,"vectorString":96,"impactScore":474,"exploitabilityScore":475},{"baseScore":479,"baseSeverity":9,"vectorString":480,"impactScore":9,"exploitabilityScore":9},6.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N",[482,497],{"ecosystem":9,"name":483,"vendor":484,"product":485,"cpe_part":486,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":487},"Django","djangoproject","django","a",[488,491,493,495],{"version":489,"is_range":89,"range_type":490,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.8.9","cpe",{"version":492,"is_range":89,"range_type":490,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.9",{"version":494,"is_range":89,"range_type":490,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.9.1",{"version":496,"is_range":89,"range_type":490,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.9.2",{"ecosystem":498,"name":485,"vendor":498,"product":485,"cpe_part":9,"purl_type":499,"purl_namespace":9,"purl_name":485,"source":9,"versions":500},"PyPI","pypi",[501,507,512,515],{"version":502,"is_range":503,"range_type":504,"version_start":9,"version_start_type":9,"version_end":505,"version_end_type":506,"fixed_in":9},"lt1_8_10",true,"ecosystem","1.8.10","excluding",{"version":508,"is_range":503,"range_type":504,"version_start":509,"version_start_type":510,"version_end":511,"version_end_type":506,"fixed_in":9},"gte1_9a1_lt1_9_3","1.9a1","including","1.9.3",{"version":513,"is_range":503,"range_type":504,"version_start":9,"version_start_type":9,"version_end":514,"version_end_type":506,"fixed_in":9},"ltc5544d289233f501917e25970c03ed444abbd4f0","c5544d289233f501917e25970c03ed444abbd4f0",{"version":516,"is_range":503,"range_type":504,"version_start":492,"version_start_type":510,"version_end":511,"version_end_type":506,"fixed_in":9},"gte1_9_lt1_9_3"]