[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-14234":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":74,"related":75,"reserved_at":9,"published_at":81,"modified_at":82,"state":83,"summary":84,"references_raw":93,"kevs":198,"epss":199,"epss_history":202,"metrics":449,"affected":463},"CVE-2019-14234","An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-109","Object Relational Mapping Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-110","SQL Injection through SOAP Parameter Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-470","Expanding Control over the Operating System from the Database",[],{"id":37,"name":38,"techniques":39},"CAPEC-66","SQL Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-7","Blind SQL Injection",[],[],[46,47],"GHSA-6r97-cj55-9hrq","PYSEC-2019-13",[],[50,52,54,56,58,60,62,64,66,68,70,72],{"_key":51},"ALPINE-CVE-2019-14234",{"_key":53},"RHSA-2020:1324",{"_key":55},"RHSA-2020:4390",{"_key":57},"SUSE-SU-2019:2180-1",{"_key":59},"SUSE-SU-2019:2257-1",{"_key":61},"SUSE-SU-2019:2335-1",{"_key":63},"OPENSUSE-SU-2019:1872-1",{"_key":65},"OPENSUSE-SU-2019:1839-1",{"_key":67},"DSA-4498-1",{"_key":69},"UBUNTU-CVE-2019-14234",{"_key":71},"USN-4084-1",{"_key":73},"DEBIAN-CVE-2019-14234",[],[76,77,78,79,80],{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},"2019-08-09T12:16:44.000Z","2024-08-05T00:12:42.480Z","Modified",{"cisa_kev":85,"cisa_ransomware":85,"cisa_vendor":9,"epss_severity":86,"epss_score":87,"severity":88,"severity_score":89,"severity_version":90,"severity_source":91,"severity_vector":92,"severity_status":83},false,"high",0.29723,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[94,103,107,113,120,126,131,136,140,145,149,153,157,161,165,169,174,178,182,186,190,194],{"url":95,"sources":96,"tags":99},"https://docs.djangoproject.com/en/dev/releases/security/",[97,91,98],"cve.org","osv_pypi",[100,101,102],"X Refsource MISC","Vendor Advisory","WEB",{"url":104,"sources":105,"tags":106},"https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs",[97,91],[100],{"url":108,"sources":109,"tags":110},"https://www.djangoproject.com/weblog/2019/aug/01/security-releases/",[97,91,98],[111,101,112],"X Refsource CONFIRM","ARTICLE",{"url":114,"sources":115,"tags":116},"https://seclists.org/bugtraq/2019/Aug/15",[97,91,98],[117,118,119,102],"Mailing List","X Refsource BUGTRAQ","Third Party Advisory",{"url":121,"sources":122,"tags":123},"https://www.debian.org/security/2019/dsa-4498",[97,91,98],[101,124,119,102,125],"X Refsource DEBIAN","Advisory",{"url":127,"sources":128,"tags":129},"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html",[97,91,98],[101,130,117,119,102],"X Refsource SUSE",{"url":132,"sources":133,"tags":134},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/",[97,91],[101,135],"X Refsource FEDORA",{"url":137,"sources":138,"tags":139},"https://security.netapp.com/advisory/ntap-20190828-0002/",[97,91,98],[111,125],{"url":141,"sources":142,"tags":143},"https://security.gentoo.org/glsa/202004-17",[97,91,98],[101,144,102,125],"X Refsource GENTOO",{"url":146,"sources":147,"tags":148},"https://nvd.nist.gov/vuln/detail/CVE-2019-14234",[98],[125],{"url":150,"sources":151,"tags":152},"https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387",[98],[102],{"url":154,"sources":155,"tags":156},"https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef",[98],[102],{"url":158,"sources":159,"tags":160},"https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975",[98],[102],{"url":162,"sources":163,"tags":164},"https://docs.djangoproject.com/en/dev/releases/security",[98],[102],{"url":166,"sources":167,"tags":168},"https://github.com/advisories/GHSA-6r97-cj55-9hrq",[98],[125],{"url":170,"sources":171,"tags":172},"https://github.com/django/django",[98],[173],"PACKAGE",{"url":175,"sources":176,"tags":177},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-13.yaml",[98],[102],{"url":179,"sources":180,"tags":181},"https://groups.google.com/forum/#!topic/django-announce/jIoju2-KLDs",[98],[102],{"url":183,"sources":184,"tags":185},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK",[98],[102],{"url":187,"sources":188,"tags":189},"https://security.netapp.com/advisory/ntap-20190828-0002",[98],[102],{"url":191,"sources":192,"tags":193},"https://www.djangoproject.com/weblog/2019/aug/01/security-releases",[98],[102],{"url":195,"sources":196,"tags":197},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK/",[98],[102],[],{"date":200,"score":87,"percentile":201},"2026-06-04",0.96721,[203,207,209,213,216,219,221,223,226,229,232,234,236,238,241,245,248,251,254,257,260,262,265,268,271,274,277,279,283,286,288,290,292,294,297,299,302,305,309,312,315,317,320,323,326,329,332,334,336,338,340,343,346,349,352,354,357,359,362,366,369,371,374,376,379,381,383,386,388,390,392,394,397,399,402,405,408,410,413,415,418,421,425,428,431,433,436,439,442,445],{"date":204,"score":205,"percentile":206},"2025-11-04",0.20695,0.95349,{"date":208,"score":205,"percentile":206},"2025-11-05",{"date":210,"score":211,"percentile":212},"2025-11-06",0.1973,0.95186,{"date":214,"score":211,"percentile":215},"2025-11-07",0.95187,{"date":217,"score":211,"percentile":218},"2025-11-08",0.95185,{"date":220,"score":211,"percentile":212},"2025-11-09",{"date":222,"score":211,"percentile":212},"2025-11-10",{"date":224,"score":211,"percentile":225},"2025-11-11",0.95188,{"date":227,"score":211,"percentile":228},"2025-11-12",0.95191,{"date":230,"score":211,"percentile":231},"2025-11-13",0.9519,{"date":233,"score":211,"percentile":228},"2025-11-14",{"date":235,"score":211,"percentile":225},"2025-11-15",{"date":237,"score":211,"percentile":231},"2025-11-16",{"date":239,"score":211,"percentile":240},"2025-11-17",0.95193,{"date":242,"score":243,"percentile":244},"2025-11-18",0.39729,0.97143,{"date":246,"score":243,"percentile":247},"2025-11-19",0.97144,{"date":249,"score":243,"percentile":250},"2025-11-20",0.97146,{"date":252,"score":211,"percentile":253},"2025-11-21",0.952,{"date":255,"score":211,"percentile":256},"2025-11-22",0.95199,{"date":258,"score":211,"percentile":259},"2025-11-23",0.95197,{"date":261,"score":211,"percentile":256},"2025-11-24",{"date":263,"score":211,"percentile":264},"2025-11-25",0.95202,{"date":266,"score":211,"percentile":267},"2025-11-26",0.95204,{"date":269,"score":211,"percentile":270},"2025-11-27",0.95207,{"date":272,"score":211,"percentile":273},"2025-11-28",0.95205,{"date":275,"score":211,"percentile":276},"2025-11-29",0.95209,{"date":278,"score":211,"percentile":267},"2025-11-30",{"date":280,"score":281,"percentile":282},"2025-12-01",0.19647,0.95229,{"date":284,"score":281,"percentile":285},"2025-12-02",0.95227,{"date":287,"score":281,"percentile":282},"2025-12-03",{"date":289,"score":211,"percentile":267},"2025-12-04",{"date":291,"score":211,"percentile":270},"2025-12-05",{"date":293,"score":211,"percentile":270},"2025-12-06",{"date":295,"score":211,"percentile":296},"2025-12-07",0.95212,{"date":298,"score":211,"percentile":296},"2025-12-08",{"date":300,"score":211,"percentile":301},"2025-12-09",0.95215,{"date":303,"score":211,"percentile":304},"2025-12-10",0.9522,{"date":306,"score":307,"percentile":308},"2025-12-11",0.21486,0.95507,{"date":310,"score":307,"percentile":311},"2025-12-12",0.9551,{"date":313,"score":307,"percentile":314},"2025-12-13",0.95511,{"date":316,"score":307,"percentile":314},"2025-12-14",{"date":318,"score":307,"percentile":319},"2025-12-15",0.95513,{"date":321,"score":307,"percentile":322},"2025-12-16",0.95516,{"date":324,"score":307,"percentile":325},"2025-12-17",0.95518,{"date":327,"score":307,"percentile":328},"2025-12-18",0.9552,{"date":330,"score":307,"percentile":331},"2025-12-19",0.95521,{"date":333,"score":307,"percentile":331},"2025-12-20",{"date":335,"score":307,"percentile":331},"2025-12-21",{"date":337,"score":307,"percentile":331},"2025-12-22",{"date":339,"score":307,"percentile":331},"2025-12-23",{"date":341,"score":307,"percentile":342},"2025-12-24",0.95526,{"date":344,"score":307,"percentile":345},"2025-12-25",0.95529,{"date":347,"score":307,"percentile":348},"2025-12-26",0.9553,{"date":350,"score":307,"percentile":351},"2025-12-27",0.95549,{"date":353,"score":307,"percentile":342},"2025-12-28",{"date":355,"score":307,"percentile":356},"2025-12-29",0.95528,{"date":358,"score":307,"percentile":345},"2025-12-30",{"date":360,"score":307,"percentile":361},"2025-12-31",0.95532,{"date":363,"score":364,"percentile":365},"2026-01-01",0.21398,0.95557,{"date":367,"score":364,"percentile":368},"2026-01-02",0.95552,{"date":370,"score":364,"percentile":351},"2026-01-03",{"date":372,"score":307,"percentile":373},"2026-01-04",0.95525,{"date":375,"score":307,"percentile":331},"2026-01-05",{"date":377,"score":307,"percentile":378},"2026-01-06",0.95522,{"date":380,"score":307,"percentile":378},"2026-01-07",{"date":382,"score":307,"percentile":373},"2026-01-08",{"date":384,"score":307,"percentile":385},"2026-01-09",0.95527,{"date":387,"score":307,"percentile":356},"2026-01-10",{"date":389,"score":307,"percentile":342},"2026-01-11",{"date":391,"score":307,"percentile":342},"2026-01-12",{"date":393,"score":307,"percentile":342},"2026-01-13",{"date":395,"score":307,"percentile":396},"2026-01-14",0.95531,{"date":398,"score":307,"percentile":396},"2026-01-15",{"date":400,"score":307,"percentile":401},"2026-01-16",0.95533,{"date":403,"score":307,"percentile":404},"2026-01-17",0.95535,{"date":406,"score":307,"percentile":407},"2026-01-18",0.95538,{"date":409,"score":307,"percentile":404},"2026-01-19",{"date":411,"score":307,"percentile":412},"2026-01-20",0.95536,{"date":414,"score":307,"percentile":407},"2026-01-21",{"date":416,"score":307,"percentile":417},"2026-01-22",0.95541,{"date":419,"score":307,"percentile":420},"2026-01-23",0.95546,{"date":422,"score":423,"percentile":424},"2026-01-24",0.19114,0.95157,{"date":426,"score":423,"percentile":427},"2026-01-25",0.95161,{"date":429,"score":423,"percentile":430},"2026-01-26",0.95162,{"date":432,"score":423,"percentile":427},"2026-01-27",{"date":434,"score":423,"percentile":435},"2026-01-28",0.95163,{"date":437,"score":423,"percentile":438},"2026-01-29",0.95165,{"date":440,"score":423,"percentile":441},"2026-01-30",0.95164,{"date":443,"score":423,"percentile":444},"2026-01-31",0.95166,{"date":446,"score":447,"percentile":448},"2026-02-01",0.17281,0.94881,[450,458],{"source":91,"cvss_v2_0":451,"cvss_v3_0":456,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":452,"baseSeverity":9,"vectorString":453,"impactScore":454,"exploitabilityScore":455},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":89,"baseSeverity":457,"vectorString":92,"impactScore":89,"exploitabilityScore":455},"CRITICAL",{"source":98,"cvss_v2_0":9,"cvss_v3_0":459,"cvss_v3_1":9,"cvss_v4_0":460},{"baseScore":89,"baseSeverity":9,"vectorString":92,"impactScore":89,"exploitabilityScore":455},{"baseScore":461,"baseSeverity":9,"vectorString":462,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[464,475,496,502],{"ecosystem":9,"name":465,"vendor":466,"product":467,"cpe_part":468,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":469},"debian linux","debian","debian_linux","o",[470,473],{"version":471,"is_range":85,"range_type":472,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"version":474,"is_range":85,"range_type":472,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":476,"vendor":477,"product":478,"cpe_part":479,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":480},"Django","djangoproject","django","a",[481,488,492],{"version":482,"is_range":483,"range_type":472,"version_start":484,"version_start_type":485,"version_end":486,"version_end_type":487,"fixed_in":9},"gte1.11_lt1.11.23",true,"1.11","including","1.11.23","excluding",{"version":489,"is_range":483,"range_type":472,"version_start":490,"version_start_type":485,"version_end":491,"version_end_type":487,"fixed_in":9},"gte2.1_lt2.1.11","2.1","2.1.11",{"version":493,"is_range":483,"range_type":472,"version_start":494,"version_start_type":485,"version_end":495,"version_end_type":487,"fixed_in":9},"gte2.2_lt2.2.4","2.2","2.2.4",{"ecosystem":9,"name":497,"vendor":498,"product":497,"cpe_part":468,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":499},"fedora","fedoraproject",[500],{"version":501,"is_range":85,"range_type":472,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":503,"name":478,"vendor":503,"product":478,"cpe_part":9,"purl_type":504,"purl_namespace":9,"purl_name":478,"source":9,"versions":505},"PyPI","pypi",[506,510,513,516],{"version":507,"is_range":483,"range_type":508,"version_start":509,"version_start_type":485,"version_end":486,"version_end_type":487,"fixed_in":9},"gte1_11a1_lt1_11_23","ecosystem","1.11a1",{"version":511,"is_range":483,"range_type":508,"version_start":512,"version_start_type":485,"version_end":491,"version_end_type":487,"fixed_in":9},"gte2_1a1_lt2_1_11","2.1a1",{"version":514,"is_range":483,"range_type":508,"version_start":515,"version_start_type":485,"version_end":495,"version_end_type":487,"fixed_in":9},"gte2_2a1_lt2_2_4","2.2a1",{"version":517,"is_range":483,"range_type":508,"version_start":494,"version_start_type":485,"version_end":495,"version_end_type":487,"fixed_in":9},"gte2_2_lt2_2_4"]