[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-28658":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":45,"downstream":46,"duplicates":69,"related":70,"reserved_at":9,"published_at":75,"modified_at":76,"state":77,"summary":78,"references_raw":87,"kevs":165,"epss":166,"epss_history":169,"metrics":431,"affected":446},"CVE-2021-28658","In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[42,43,44],"GHSA-xgxc-v2qg-chmh","BIT-django-2021-28658","PYSEC-2021-6",[],[47,49,51,53,55,57,59,61,63,65,67],{"_key":48},"RHSA-2021:5070",{"_key":50},"SUSE-SU-2021:1962-1",{"_key":52},"SUSE-SU-2021:1963-1",{"_key":54},"SUSE-SU-2021:2554-1",{"_key":56},"UBUNTU-CVE-2021-28658",{"_key":58},"DLA-2622-1",{"_key":60},"DLA-3744-1",{"_key":62},"MGASA-2021-0356",{"_key":64},"USN-4902-1",{"_key":66},"DEBIAN-CVE-2021-28658",{"_key":68},"RHSA-2021:4702",[],[71,72,73,74],{"_key":62},{"_key":50},{"_key":52},{"_key":54},"2021-04-06T14:51:43.000Z","2024-08-03T21:47:33.200Z","Modified",{"cisa_kev":79,"cisa_ransomware":79,"cisa_vendor":9,"epss_severity":80,"epss_score":81,"severity":82,"severity_score":83,"severity_version":84,"severity_source":85,"severity_vector":86,"severity_status":77},false,"low",0.01505,"medium",5.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",[88,97,103,109,114,119,123,128,132,136,141,145,149,153,157,161],{"url":89,"sources":90,"tags":93},"https://docs.djangoproject.com/en/3.1/releases/security/",[91,85,92],"cve.org","osv_pypi",[94,95,96],"X Refsource MISC","Vendor Advisory","WEB",{"url":98,"sources":99,"tags":100},"https://groups.google.com/g/django-announce/c/ePr5j-ngdPU",[91,85,92],[94,101,102,96],"Mailing List","Third Party Advisory",{"url":104,"sources":105,"tags":106},"https://www.djangoproject.com/weblog/2021/apr/06/security-releases/",[91,85,92],[107,95,108],"X Refsource CONFIRM","ARTICLE",{"url":110,"sources":111,"tags":112},"https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html",[91,85,92],[101,113,102,96],"X Refsource MLIST",{"url":115,"sources":116,"tags":117},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/",[91,85],[95,118],"X Refsource FEDORA",{"url":120,"sources":121,"tags":122},"https://security.netapp.com/advisory/ntap-20210528-0001/",[91,85],[107,102],{"url":124,"sources":125,"tags":126},"https://nvd.nist.gov/vuln/detail/CVE-2021-28658",[92],[127],"Advisory",{"url":129,"sources":130,"tags":131},"https://docs.djangoproject.com/en/3.1/releases/security",[92],[96],{"url":133,"sources":134,"tags":135},"https://github.com/advisories/GHSA-xgxc-v2qg-chmh",[92],[127],{"url":137,"sources":138,"tags":139},"https://github.com/django/django",[92],[140],"PACKAGE",{"url":142,"sources":143,"tags":144},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-6.yaml",[92],[96],{"url":146,"sources":147,"tags":148},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE",[92],[96],{"url":150,"sources":151,"tags":152},"https://pypi.org/project/Django",[92],[96],{"url":154,"sources":155,"tags":156},"https://security.netapp.com/advisory/ntap-20210528-0001",[92],[96],{"url":158,"sources":159,"tags":160},"https://www.djangoproject.com/weblog/2021/apr/06/security-releases",[92],[96],{"url":162,"sources":163,"tags":164},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/",[92],[96],[],{"date":167,"score":81,"percentile":168},"2026-06-04",0.81494,[170,174,177,180,183,186,189,192,195,198,201,204,206,209,212,216,219,222,225,227,230,233,236,239,241,243,246,249,252,255,258,261,264,266,269,271,274,277,280,283,286,289,292,295,298,301,304,307,309,311,313,317,320,323,327,330,333,336,339,342,345,348,350,353,356,359,362,365,367,370,372,375,378,381,384,387,390,393,395,398,401,404,407,410,413,416,419,422,425,428],{"date":171,"score":172,"percentile":173},"2025-11-04",0.02267,0.84068,{"date":175,"score":172,"percentile":176},"2025-11-05",0.84072,{"date":178,"score":172,"percentile":179},"2025-11-06",0.84076,{"date":181,"score":172,"percentile":182},"2025-11-07",0.8408,{"date":184,"score":172,"percentile":185},"2025-11-08",0.84085,{"date":187,"score":172,"percentile":188},"2025-11-09",0.84078,{"date":190,"score":172,"percentile":191},"2025-11-10",0.84074,{"date":193,"score":172,"percentile":194},"2025-11-11",0.84079,{"date":196,"score":172,"percentile":197},"2025-11-12",0.8409,{"date":199,"score":172,"percentile":200},"2025-11-13",0.84097,{"date":202,"score":172,"percentile":203},"2025-11-14",0.84098,{"date":205,"score":172,"percentile":197},"2025-11-15",{"date":207,"score":172,"percentile":208},"2025-11-16",0.84093,{"date":210,"score":172,"percentile":211},"2025-11-17",0.84094,{"date":213,"score":214,"percentile":215},"2025-11-18",0.0053,0.64661,{"date":217,"score":214,"percentile":218},"2025-11-19",0.6467,{"date":220,"score":214,"percentile":221},"2025-11-20",0.64668,{"date":223,"score":172,"percentile":224},"2025-11-21",0.84106,{"date":226,"score":172,"percentile":224},"2025-11-22",{"date":228,"score":172,"percentile":229},"2025-11-23",0.84096,{"date":231,"score":172,"percentile":232},"2025-11-24",0.84095,{"date":234,"score":172,"percentile":235},"2025-11-25",0.84091,{"date":237,"score":172,"percentile":238},"2025-11-26",0.84092,{"date":240,"score":172,"percentile":235},"2025-11-27",{"date":242,"score":172,"percentile":176},"2025-11-28",{"date":244,"score":172,"percentile":245},"2025-11-29",0.84104,{"date":247,"score":172,"percentile":248},"2025-11-30",0.84107,{"date":250,"score":172,"percentile":251},"2025-12-01",0.8418,{"date":253,"score":172,"percentile":254},"2025-12-02",0.84182,{"date":256,"score":172,"percentile":257},"2025-12-03",0.84183,{"date":259,"score":172,"percentile":260},"2025-12-04",0.84111,{"date":262,"score":172,"percentile":263},"2025-12-05",0.84116,{"date":265,"score":172,"percentile":263},"2025-12-06",{"date":267,"score":172,"percentile":268},"2025-12-07",0.84109,{"date":270,"score":172,"percentile":260},"2025-12-08",{"date":272,"score":172,"percentile":273},"2025-12-09",0.8413,{"date":275,"score":172,"percentile":276},"2025-12-10",0.84151,{"date":278,"score":172,"percentile":279},"2025-12-11",0.84164,{"date":281,"score":172,"percentile":282},"2025-12-12",0.84171,{"date":284,"score":172,"percentile":285},"2025-12-13",0.84165,{"date":287,"score":172,"percentile":288},"2025-12-14",0.84161,{"date":290,"score":172,"percentile":291},"2025-12-15",0.84162,{"date":293,"score":172,"percentile":294},"2025-12-16",0.84169,{"date":296,"score":172,"percentile":297},"2025-12-17",0.84174,{"date":299,"score":172,"percentile":300},"2025-12-18",0.84179,{"date":302,"score":172,"percentile":303},"2025-12-19",0.84184,{"date":305,"score":172,"percentile":306},"2025-12-20",0.84178,{"date":308,"score":172,"percentile":306},"2025-12-21",{"date":310,"score":172,"percentile":297},"2025-12-22",{"date":312,"score":172,"percentile":306},"2025-12-23",{"date":314,"score":315,"percentile":316},"2025-12-24",0.01292,0.79196,{"date":318,"score":315,"percentile":319},"2025-12-25",0.79215,{"date":321,"score":315,"percentile":322},"2025-12-26",0.79213,{"date":324,"score":325,"percentile":326},"2025-12-27",0.01202,0.78521,{"date":328,"score":315,"percentile":329},"2025-12-28",0.79202,{"date":331,"score":315,"percentile":332},"2025-12-29",0.79197,{"date":334,"score":315,"percentile":335},"2025-12-30",0.79204,{"date":337,"score":315,"percentile":338},"2025-12-31",0.79221,{"date":340,"score":315,"percentile":341},"2026-01-01",0.79318,{"date":343,"score":315,"percentile":344},"2026-01-02",0.79316,{"date":346,"score":315,"percentile":347},"2026-01-03",0.79313,{"date":349,"score":315,"percentile":322},"2026-01-04",{"date":351,"score":315,"percentile":352},"2026-01-05",0.79209,{"date":354,"score":315,"percentile":355},"2026-01-06",0.79214,{"date":357,"score":315,"percentile":358},"2026-01-07",0.79222,{"date":360,"score":315,"percentile":361},"2026-01-08",0.79232,{"date":363,"score":315,"percentile":364},"2026-01-09",0.79235,{"date":366,"score":315,"percentile":364},"2026-01-10",{"date":368,"score":315,"percentile":369},"2026-01-11",0.79229,{"date":371,"score":315,"percentile":319},"2026-01-12",{"date":373,"score":315,"percentile":374},"2026-01-13",0.79211,{"date":376,"score":315,"percentile":377},"2026-01-14",0.79233,{"date":379,"score":315,"percentile":380},"2026-01-15",0.79234,{"date":382,"score":315,"percentile":383},"2026-01-16",0.7924,{"date":385,"score":315,"percentile":386},"2026-01-17",0.79249,{"date":388,"score":315,"percentile":389},"2026-01-18",0.79245,{"date":391,"score":315,"percentile":392},"2026-01-19",0.79238,{"date":394,"score":315,"percentile":364},"2026-01-20",{"date":396,"score":315,"percentile":397},"2026-01-21",0.79242,{"date":399,"score":315,"percentile":400},"2026-01-22",0.79253,{"date":402,"score":315,"percentile":403},"2026-01-23",0.79281,{"date":405,"score":315,"percentile":406},"2026-01-24",0.79291,{"date":408,"score":315,"percentile":409},"2026-01-25",0.79283,{"date":411,"score":315,"percentile":412},"2026-01-26",0.7928,{"date":414,"score":172,"percentile":415},"2026-01-27",0.84251,{"date":417,"score":172,"percentile":418},"2026-01-28",0.84254,{"date":420,"score":172,"percentile":421},"2026-01-29",0.84255,{"date":423,"score":172,"percentile":424},"2026-01-30",0.84259,{"date":426,"score":172,"percentile":427},"2026-01-31",0.84258,{"date":429,"score":172,"percentile":430},"2026-02-01",0.84329,[432,441],{"source":85,"cvss_v2_0":433,"cvss_v3_0":9,"cvss_v3_1":438,"cvss_v4_0":9},{"baseScore":434,"baseSeverity":9,"vectorString":435,"impactScore":436,"exploitabilityScore":437},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":83,"baseSeverity":439,"vectorString":86,"impactScore":440,"exploitabilityScore":437},"MEDIUM",2.3,{"source":92,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":442,"cvss_v4_0":443},{"baseScore":83,"baseSeverity":9,"vectorString":86,"impactScore":440,"exploitabilityScore":437},{"baseScore":444,"baseSeverity":9,"vectorString":445,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",[447,456,477,483],{"ecosystem":9,"name":448,"vendor":449,"product":450,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"debian linux","debian","debian_linux","o",[453],{"version":454,"is_range":79,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"ecosystem":9,"name":457,"vendor":458,"product":459,"cpe_part":460,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":461},"Django","djangoproject","django","a",[462,469,473],{"version":463,"is_range":464,"range_type":455,"version_start":465,"version_start_type":466,"version_end":467,"version_end_type":468,"fixed_in":9},"gte2.2_lt2.2.20",true,"2.2","including","2.2.20","excluding",{"version":470,"is_range":464,"range_type":455,"version_start":471,"version_start_type":466,"version_end":472,"version_end_type":468,"fixed_in":9},"gte3.0_lt3.0.14","3.0","3.0.14",{"version":474,"is_range":464,"range_type":455,"version_start":475,"version_start_type":466,"version_end":476,"version_end_type":468,"fixed_in":9},"gte3.1_lt3.1.8","3.1","3.1.8",{"ecosystem":9,"name":478,"vendor":479,"product":478,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":480},"fedora","fedoraproject",[481],{"version":482,"is_range":79,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34",{"ecosystem":484,"name":459,"vendor":484,"product":459,"cpe_part":9,"purl_type":485,"purl_namespace":9,"purl_name":459,"source":9,"versions":486},"PyPI","pypi",[487,491,494,497],{"version":488,"is_range":464,"range_type":489,"version_start":490,"version_start_type":466,"version_end":467,"version_end_type":468,"fixed_in":9},"gte2_2a1_lt2_2_20","ecosystem","2.2a1",{"version":492,"is_range":464,"range_type":489,"version_start":493,"version_start_type":466,"version_end":472,"version_end_type":468,"fixed_in":9},"gte3_0a1_lt3_0_14","3.0a1",{"version":495,"is_range":464,"range_type":489,"version_start":496,"version_start_type":466,"version_end":476,"version_end_type":468,"fixed_in":9},"gte3_1a1_lt3_1_8","3.1a1",{"version":498,"is_range":464,"range_type":489,"version_start":475,"version_start_type":466,"version_end":476,"version_end_type":468,"fixed_in":9},"gte3_1_lt3_1_8"]