[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-14232":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":86,"aliases":87,"duplicate_of":9,"upstream":90,"downstream":91,"duplicates":128,"related":129,"reserved_at":9,"published_at":139,"modified_at":140,"state":141,"summary":142,"references_raw":151,"kevs":270,"epss":271,"epss_history":274,"metrics":536,"affected":555},"CVE-2019-14232","An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[88,89],"GHSA-c4qh-4vgv-qc6g","PYSEC-2019-11",[],[92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126],{"_key":93},"ALPINE-CVE-2019-14232",{"_key":95},"RHSA-2020:1324",{"_key":97},"RHSA-2020:4390",{"_key":99},"SUSE-SU-2019:2180-1",{"_key":101},"SUSE-SU-2019:2257-1",{"_key":103},"SUSE-SU-2019:2335-1",{"_key":105},"OPENSUSE-SU-2019:1872-1",{"_key":107},"OPENSUSE-SU-2019:1839-1",{"_key":109},"OPENSUSE-SU-2024:11205-1",{"_key":111},"OPENSUSE-SU-2024:13887-1",{"_key":113},"OPENSUSE-SU-2024:14208-1",{"_key":115},"DSA-6136-1",{"_key":117},"DLA-1872-1",{"_key":119},"DSA-4498-1",{"_key":121},"OPENSUSE-SU-2026:10005-1",{"_key":123},"UBUNTU-CVE-2019-14232",{"_key":125},"USN-4084-1",{"_key":127},"DEBIAN-CVE-2019-14232",[],[130,131,132,133,134,135,136,137,138],{"_key":99},{"_key":101},{"_key":103},{"_key":105},{"_key":107},{"_key":109},{"_key":111},{"_key":113},{"_key":121},"2019-08-02T00:00:00.000Z","2024-08-05T00:12:42.892Z","Modified",{"cisa_kev":143,"cisa_ransomware":143,"cisa_vendor":9,"epss_severity":144,"epss_score":145,"severity":146,"severity_score":147,"severity_version":148,"severity_source":149,"severity_vector":150,"severity_status":141},false,"low",0.0297,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[152,161,165,170,175,180,185,189,193,197,201,205,209,213,217,221,225,229,233,237,241,245,249,253,258,262,266],{"url":153,"sources":154,"tags":157},"https://docs.djangoproject.com/en/dev/releases/security/",[149,155,156],"nvd","osv_pypi",[158,159,160],"Patch","Vendor Advisory","WEB",{"url":162,"sources":163,"tags":164},"https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs",[149,155,156],[160],{"url":166,"sources":167,"tags":168},"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/",[149,155,156],[159,169],"ARTICLE",{"url":171,"sources":172,"tags":173},"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html",[149,155,156],[159,174,160],"Third Party Advisory",{"url":176,"sources":177,"tags":178},"https://seclists.org/bugtraq/2019/Aug/15",[149,155,156],[179,160],"Mailing List",{"url":181,"sources":182,"tags":183},"https://www.debian.org/security/2019/dsa-4498",[149,155,156],[159,160,184],"Advisory",{"url":186,"sources":187,"tags":188},"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html",[149,155,156],[159,160],{"url":190,"sources":191,"tags":192},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/",[149,155],[159],{"url":194,"sources":195,"tags":196},"https://security.netapp.com/advisory/ntap-20190828-0002/",[149,155,156],[184],{"url":198,"sources":199,"tags":200},"https://security.gentoo.org/glsa/202004-17",[149,155,156],[159,160,184],{"url":202,"sources":203,"tags":204},"http://www.openwall.com/lists/oss-security/2023/10/04/6",[149,155,156],[179,160],{"url":206,"sources":207,"tags":208},"http://www.openwall.com/lists/oss-security/2024/03/04/1",[149,155,156],[179,160],{"url":210,"sources":211,"tags":212},"https://nvd.nist.gov/vuln/detail/CVE-2019-14232",[156],[184],{"url":214,"sources":215,"tags":216},"https://www.openwall.com/lists/oss-security/2023/10/04/6",[156],[160],{"url":218,"sources":219,"tags":220},"https://www.djangoproject.com/weblog/2019/aug/01/security-releases",[156],[160],{"url":222,"sources":223,"tags":224},"https://security.netapp.com/advisory/ntap-20190828-0002",[156],[160],{"url":226,"sources":227,"tags":228},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW",[156],[160],{"url":230,"sources":231,"tags":232},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ",[156],[160],{"url":234,"sources":235,"tags":236},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK",[156],[160],{"url":238,"sources":239,"tags":240},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK",[156],[160],{"url":242,"sources":243,"tags":244},"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs",[156],[160],{"url":246,"sources":247,"tags":248},"https://github.com/pypa/advisory-db/tree/main/vulns/django/PYSEC-2019-11.yaml",[156],[160],{"url":250,"sources":251,"tags":252},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-11.yaml",[156],[160],{"url":254,"sources":255,"tags":256},"https://github.com/django/django",[156],[257],"PACKAGE",{"url":259,"sources":260,"tags":261},"https://github.com/advisories/GHSA-c4qh-4vgv-qc6g",[156],[184],{"url":263,"sources":264,"tags":265},"https://docs.djangoproject.com/en/dev/releases/security",[156],[160],{"url":267,"sources":268,"tags":269},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/",[156],[160],[],{"date":272,"score":145,"percentile":273},"2026-06-04",0.86763,[275,279,283,287,290,293,296,299,301,304,307,310,313,316,318,322,325,328,332,335,338,341,344,346,349,352,355,358,361,364,367,370,373,376,379,381,384,387,390,393,396,398,401,404,407,410,413,416,418,420,422,425,428,431,434,437,440,443,446,449,452,454,457,459,462,465,468,471,474,476,479,482,485,487,490,493,496,499,502,505,507,510,513,516,519,522,525,528,531,533],{"date":276,"score":277,"percentile":278},"2025-11-04",0.03634,0.87327,{"date":280,"score":281,"percentile":282},"2025-11-05",0.03409,0.86924,{"date":284,"score":285,"percentile":286},"2025-11-06",0.03026,0.8613,{"date":288,"score":285,"percentile":289},"2025-11-07",0.86139,{"date":291,"score":285,"percentile":292},"2025-11-08",0.86141,{"date":294,"score":285,"percentile":295},"2025-11-09",0.86135,{"date":297,"score":285,"percentile":298},"2025-11-10",0.86137,{"date":300,"score":285,"percentile":292},"2025-11-11",{"date":302,"score":285,"percentile":303},"2025-11-12",0.86152,{"date":305,"score":285,"percentile":306},"2025-11-13",0.86158,{"date":308,"score":285,"percentile":309},"2025-11-14",0.86161,{"date":311,"score":285,"percentile":312},"2025-11-15",0.86154,{"date":314,"score":285,"percentile":315},"2025-11-16",0.86153,{"date":317,"score":285,"percentile":298},"2025-11-17",{"date":319,"score":320,"percentile":321},"2025-11-18",0.04574,0.88126,{"date":323,"score":320,"percentile":324},"2025-11-19",0.8813,{"date":326,"score":320,"percentile":327},"2025-11-20",0.88133,{"date":329,"score":330,"percentile":331},"2025-11-21",0.03108,0.86321,{"date":333,"score":330,"percentile":334},"2025-11-22",0.86316,{"date":336,"score":330,"percentile":337},"2025-11-23",0.8631,{"date":339,"score":330,"percentile":340},"2025-11-24",0.86311,{"date":342,"score":285,"percentile":343},"2025-11-25",0.86142,{"date":345,"score":285,"percentile":343},"2025-11-26",{"date":347,"score":285,"percentile":348},"2025-11-27",0.86143,{"date":350,"score":285,"percentile":351},"2025-11-28",0.86122,{"date":353,"score":285,"percentile":354},"2025-11-29",0.86194,{"date":356,"score":285,"percentile":357},"2025-11-30",0.86192,{"date":359,"score":285,"percentile":360},"2025-12-01",0.86248,{"date":362,"score":285,"percentile":363},"2025-12-02",0.86249,{"date":365,"score":285,"percentile":366},"2025-12-03",0.8625,{"date":368,"score":285,"percentile":369},"2025-12-04",0.86188,{"date":371,"score":285,"percentile":372},"2025-12-05",0.86189,{"date":374,"score":285,"percentile":375},"2025-12-06",0.86185,{"date":377,"score":285,"percentile":378},"2025-12-07",0.86171,{"date":380,"score":285,"percentile":378},"2025-12-08",{"date":382,"score":285,"percentile":383},"2025-12-09",0.86176,{"date":385,"score":285,"percentile":386},"2025-12-10",0.86195,{"date":388,"score":285,"percentile":389},"2025-12-11",0.86201,{"date":391,"score":285,"percentile":392},"2025-12-12",0.86203,{"date":394,"score":285,"percentile":395},"2025-12-13",0.86199,{"date":397,"score":285,"percentile":354},"2025-12-14",{"date":399,"score":285,"percentile":400},"2025-12-15",0.8619,{"date":402,"score":285,"percentile":403},"2025-12-16",0.86197,{"date":405,"score":285,"percentile":406},"2025-12-17",0.862,{"date":408,"score":285,"percentile":409},"2025-12-18",0.86206,{"date":411,"score":285,"percentile":412},"2025-12-19",0.86209,{"date":414,"score":285,"percentile":415},"2025-12-20",0.86207,{"date":417,"score":285,"percentile":412},"2025-12-21",{"date":419,"score":285,"percentile":389},"2025-12-22",{"date":421,"score":285,"percentile":409},"2025-12-23",{"date":423,"score":285,"percentile":424},"2025-12-24",0.86212,{"date":426,"score":285,"percentile":427},"2025-12-25",0.86223,{"date":429,"score":285,"percentile":430},"2025-12-26",0.86227,{"date":432,"score":285,"percentile":433},"2025-12-27",0.86269,{"date":435,"score":285,"percentile":436},"2025-12-28",0.86219,{"date":438,"score":285,"percentile":439},"2025-12-29",0.86213,{"date":441,"score":285,"percentile":442},"2025-12-30",0.8622,{"date":444,"score":285,"percentile":445},"2025-12-31",0.86229,{"date":447,"score":285,"percentile":448},"2026-01-01",0.86289,{"date":450,"score":285,"percentile":451},"2026-01-02",0.86291,{"date":453,"score":285,"percentile":451},"2026-01-03",{"date":455,"score":285,"percentile":456},"2026-01-04",0.86232,{"date":458,"score":285,"percentile":430},"2026-01-05",{"date":460,"score":285,"percentile":461},"2026-01-06",0.8623,{"date":463,"score":285,"percentile":464},"2026-01-07",0.86231,{"date":466,"score":285,"percentile":467},"2026-01-08",0.86241,{"date":469,"score":285,"percentile":470},"2026-01-09",0.8624,{"date":472,"score":285,"percentile":473},"2026-01-10",0.86237,{"date":475,"score":285,"percentile":464},"2026-01-11",{"date":477,"score":285,"percentile":478},"2026-01-12",0.86228,{"date":480,"score":285,"percentile":481},"2026-01-13",0.86224,{"date":483,"score":285,"percentile":484},"2026-01-14",0.86238,{"date":486,"score":285,"percentile":484},"2026-01-15",{"date":488,"score":285,"percentile":489},"2026-01-16",0.86243,{"date":491,"score":285,"percentile":492},"2026-01-17",0.86247,{"date":494,"score":330,"percentile":495},"2026-01-18",0.86427,{"date":497,"score":330,"percentile":498},"2026-01-19",0.86421,{"date":500,"score":330,"percentile":501},"2026-01-20",0.86415,{"date":503,"score":330,"percentile":504},"2026-01-21",0.8642,{"date":506,"score":330,"percentile":495},"2026-01-22",{"date":508,"score":330,"percentile":509},"2026-01-23",0.86443,{"date":511,"score":330,"percentile":512},"2026-01-24",0.8645,{"date":514,"score":330,"percentile":515},"2026-01-25",0.86446,{"date":517,"score":285,"percentile":518},"2026-01-26",0.86267,{"date":520,"score":285,"percentile":521},"2026-01-27",0.86271,{"date":523,"score":285,"percentile":524},"2026-01-28",0.86273,{"date":526,"score":285,"percentile":527},"2026-01-29",0.86276,{"date":529,"score":285,"percentile":530},"2026-01-30",0.86281,{"date":532,"score":285,"percentile":530},"2026-01-31",{"date":534,"score":285,"percentile":535},"2026-02-01",0.86346,[537,542,550],{"source":149,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":538,"cvss_v4_0":9},{"baseScore":147,"baseSeverity":539,"vectorString":150,"impactScore":540,"exploitabilityScore":541},"HIGH",6,10,{"source":155,"cvss_v2_0":543,"cvss_v3_0":547,"cvss_v3_1":549,"cvss_v4_0":9},{"baseScore":544,"baseSeverity":9,"vectorString":545,"impactScore":546,"exploitabilityScore":541},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,{"baseScore":147,"baseSeverity":539,"vectorString":548,"impactScore":540,"exploitabilityScore":541},"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",{"baseScore":147,"baseSeverity":539,"vectorString":150,"impactScore":540,"exploitabilityScore":541},{"source":156,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":551,"cvss_v4_0":552},{"baseScore":147,"baseSeverity":9,"vectorString":150,"impactScore":540,"exploitabilityScore":541},{"baseScore":553,"baseSeverity":9,"vectorString":554,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",[556,578,585],{"ecosystem":9,"name":557,"vendor":558,"product":559,"cpe_part":560,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":561},"Django","djangoproject","django","a",[562,570,574],{"version":563,"is_range":564,"range_type":565,"version_start":566,"version_start_type":567,"version_end":568,"version_end_type":569,"fixed_in":9},"gte1.11_lt1.11.23",true,"cpe","1.11","including","1.11.23","excluding",{"version":571,"is_range":564,"range_type":565,"version_start":572,"version_start_type":567,"version_end":573,"version_end_type":569,"fixed_in":9},"gte2.1_lt2.1.11","2.1","2.1.11",{"version":575,"is_range":564,"range_type":565,"version_start":576,"version_start_type":567,"version_end":577,"version_end_type":569,"fixed_in":9},"gte2.2_lt2.2.4","2.2","2.2.4",{"ecosystem":9,"name":579,"vendor":580,"product":579,"cpe_part":581,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":582},"leap","opensuse","o",[583],{"version":584,"is_range":143,"range_type":565,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"ecosystem":586,"name":559,"vendor":586,"product":559,"cpe_part":9,"purl_type":587,"purl_namespace":9,"purl_name":559,"source":9,"versions":588},"PyPI","pypi",[589,593,596,599],{"version":590,"is_range":564,"range_type":591,"version_start":592,"version_start_type":567,"version_end":568,"version_end_type":569,"fixed_in":9},"gte1_11a1_lt1_11_23","ecosystem","1.11a1",{"version":594,"is_range":564,"range_type":591,"version_start":595,"version_start_type":567,"version_end":573,"version_end_type":569,"fixed_in":9},"gte2_1a1_lt2_1_11","2.1a1",{"version":597,"is_range":564,"range_type":591,"version_start":598,"version_start_type":567,"version_end":577,"version_end_type":569,"fixed_in":9},"gte2_2a1_lt2_2_4","2.2a1",{"version":600,"is_range":564,"range_type":591,"version_start":576,"version_start_type":567,"version_end":577,"version_end_type":569,"fixed_in":9},"gte2_2_lt2_2_4"]