[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-3281":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":45,"downstream":46,"duplicates":71,"related":72,"reserved_at":9,"published_at":76,"modified_at":77,"state":78,"summary":79,"references_raw":88,"kevs":181,"epss":182,"epss_history":185,"metrics":433,"affected":448},"CVE-2021-3281","In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by \"startapp --template\" and \"startproject --template\") allows directory traversal via an archive with absolute paths or relative paths with dot segments.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[42,43,44],"GHSA-fvgf-6h6h-3322","BIT-django-2021-3281","PYSEC-2021-9",[],[47,49,51,53,55,57,59,61,63,65,67,69],{"_key":48},"RHSA-2021:3490",{"_key":50},"RHSA-2021:5070",{"_key":52},"SUSE-RU-2021:0351-1",{"_key":54},"SUSE-RU-2021:0497-1",{"_key":56},"SUSE-SU-2021:1963-1",{"_key":58},"UBUNTU-CVE-2021-3281",{"_key":60},"USN-4715-1",{"_key":62},"USN-4715-2",{"_key":64},"DLA-2540-1",{"_key":66},"DLA-3164-1",{"_key":68},"DEBIAN-CVE-2021-3281",{"_key":70},"RHSA-2021:0781",[],[73,74,75],{"_key":52},{"_key":54},{"_key":56},"2021-02-02T06:16:28.000Z","2024-08-03T16:53:17.221Z","Modified",{"cisa_kev":80,"cisa_ransomware":80,"cisa_vendor":9,"epss_severity":81,"epss_score":82,"severity":83,"severity_score":84,"severity_version":85,"severity_source":86,"severity_vector":87,"severity_status":78},false,"high",0.41482,"medium",5.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",[89,95,103,109,114,120,124,128,132,136,140,144,148,152,157,161,165,169,173,177],{"url":90,"sources":91,"tags":93},"https://groups.google.com/forum/#%21forum/django-announce",[92,86],"cve.org",[94],"X Refsource MISC",{"url":96,"sources":97,"tags":99},"https://docs.djangoproject.com/en/3.1/releases/security/",[92,86,98],"osv_pypi",[94,100,101,102],"Patch","Vendor Advisory","WEB",{"url":104,"sources":105,"tags":106},"https://www.djangoproject.com/weblog/2021/feb/01/security-releases/",[92,86,98],[107,101,108],"X Refsource CONFIRM","ARTICLE",{"url":110,"sources":111,"tags":112},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/",[92,86],[101,113],"X Refsource FEDORA",{"url":115,"sources":116,"tags":117},"https://security.netapp.com/advisory/ntap-20210226-0004/",[92,86,98],[107,118,119],"Third Party Advisory","Advisory",{"url":121,"sources":122,"tags":123},"https://nvd.nist.gov/vuln/detail/CVE-2021-3281",[98],[119],{"url":125,"sources":126,"tags":127},"https://github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624",[98],[102],{"url":129,"sources":130,"tags":131},"https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23",[98],[102],{"url":133,"sources":134,"tags":135},"https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37",[98],[102],{"url":137,"sources":138,"tags":139},"https://github.com/django/django/commit/52e409ed17287e9aabda847b6afe58be2fa9f86a",[98],[102],{"url":141,"sources":142,"tags":143},"https://docs.djangoproject.com/en/3.1/releases/3.0.12",[98],[102],{"url":145,"sources":146,"tags":147},"https://docs.djangoproject.com/en/3.1/releases/security",[98],[102],{"url":149,"sources":150,"tags":151},"https://github.com/advisories/GHSA-fvgf-6h6h-3322",[98],[119],{"url":153,"sources":154,"tags":155},"https://github.com/django/django",[98],[156],"PACKAGE",{"url":158,"sources":159,"tags":160},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-9.yaml",[98],[102],{"url":162,"sources":163,"tags":164},"https://groups.google.com/forum/#!forum/django-announce",[98],[102],{"url":166,"sources":167,"tags":168},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO",[98],[102],{"url":170,"sources":171,"tags":172},"https://security.netapp.com/advisory/ntap-20210226-0004",[98],[102],{"url":174,"sources":175,"tags":176},"https://www.djangoproject.com/weblog/2021/feb/01/security-releases",[98],[102],{"url":178,"sources":179,"tags":180},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO/",[98],[102],[],{"date":183,"score":82,"percentile":184},"2026-06-04",0.97482,[186,190,193,196,199,201,204,207,209,212,215,218,220,222,224,228,231,234,237,239,241,244,247,249,252,255,258,260,264,267,270,272,274,276,278,280,283,286,289,291,294,297,300,303,306,309,312,315,317,320,322,326,329,332,335,338,340,342,345,349,352,355,358,360,362,365,368,371,374,377,379,381,384,387,390,393,396,398,400,403,406,409,412,415,417,419,422,425,427,430],{"date":187,"score":188,"percentile":189},"2025-11-04",0.36231,0.9691,{"date":191,"score":188,"percentile":192},"2025-11-05",0.96911,{"date":194,"score":188,"percentile":195},"2025-11-06",0.96912,{"date":197,"score":188,"percentile":198},"2025-11-07",0.96915,{"date":200,"score":188,"percentile":198},"2025-11-08",{"date":202,"score":188,"percentile":203},"2025-11-09",0.96914,{"date":205,"score":188,"percentile":206},"2025-11-10",0.96913,{"date":208,"score":188,"percentile":198},"2025-11-11",{"date":210,"score":188,"percentile":211},"2025-11-12",0.96919,{"date":213,"score":188,"percentile":214},"2025-11-13",0.9692,{"date":216,"score":188,"percentile":217},"2025-11-14",0.96921,{"date":219,"score":188,"percentile":214},"2025-11-15",{"date":221,"score":188,"percentile":214},"2025-11-16",{"date":223,"score":188,"percentile":217},"2025-11-17",{"date":225,"score":226,"percentile":227},"2025-11-18",0.03492,0.86389,{"date":229,"score":226,"percentile":230},"2025-11-19",0.8639,{"date":232,"score":226,"percentile":233},"2025-11-20",0.86392,{"date":235,"score":188,"percentile":236},"2025-11-21",0.96923,{"date":238,"score":188,"percentile":217},"2025-11-22",{"date":240,"score":188,"percentile":214},"2025-11-23",{"date":242,"score":188,"percentile":243},"2025-11-24",0.96925,{"date":245,"score":188,"percentile":246},"2025-11-25",0.96926,{"date":248,"score":188,"percentile":246},"2025-11-26",{"date":250,"score":188,"percentile":251},"2025-11-27",0.96929,{"date":253,"score":188,"percentile":254},"2025-11-28",0.96927,{"date":256,"score":188,"percentile":257},"2025-11-29",0.96928,{"date":259,"score":188,"percentile":254},"2025-11-30",{"date":261,"score":262,"percentile":263},"2025-12-01",0.30602,0.96552,{"date":265,"score":262,"percentile":266},"2025-12-02",0.96551,{"date":268,"score":262,"percentile":269},"2025-12-03",0.96553,{"date":271,"score":188,"percentile":254},"2025-12-04",{"date":273,"score":188,"percentile":251},"2025-12-05",{"date":275,"score":188,"percentile":251},"2025-12-06",{"date":277,"score":188,"percentile":251},"2025-12-07",{"date":279,"score":188,"percentile":251},"2025-12-08",{"date":281,"score":188,"percentile":282},"2025-12-09",0.9693,{"date":284,"score":188,"percentile":285},"2025-12-10",0.96936,{"date":287,"score":188,"percentile":288},"2025-12-11",0.96939,{"date":290,"score":188,"percentile":288},"2025-12-12",{"date":292,"score":188,"percentile":293},"2025-12-13",0.96941,{"date":295,"score":188,"percentile":296},"2025-12-14",0.96937,{"date":298,"score":188,"percentile":299},"2025-12-15",0.9694,{"date":301,"score":188,"percentile":302},"2025-12-16",0.96943,{"date":304,"score":188,"percentile":305},"2025-12-17",0.96946,{"date":307,"score":188,"percentile":308},"2025-12-18",0.96945,{"date":310,"score":188,"percentile":311},"2025-12-19",0.96947,{"date":313,"score":188,"percentile":314},"2025-12-20",0.96949,{"date":316,"score":188,"percentile":314},"2025-12-21",{"date":318,"score":188,"percentile":319},"2025-12-22",0.96948,{"date":321,"score":188,"percentile":314},"2025-12-23",{"date":323,"score":324,"percentile":325},"2025-12-24",0.30172,0.96503,{"date":327,"score":324,"percentile":328},"2025-12-25",0.96508,{"date":330,"score":324,"percentile":331},"2025-12-26",0.96507,{"date":333,"score":324,"percentile":334},"2025-12-27",0.96537,{"date":336,"score":324,"percentile":337},"2025-12-28",0.96506,{"date":339,"score":324,"percentile":337},"2025-12-29",{"date":341,"score":324,"percentile":328},"2025-12-30",{"date":343,"score":324,"percentile":344},"2025-12-31",0.96512,{"date":346,"score":347,"percentile":348},"2026-01-01",0.25025,0.96023,{"date":350,"score":347,"percentile":351},"2026-01-02",0.96019,{"date":353,"score":347,"percentile":354},"2026-01-03",0.96015,{"date":356,"score":324,"percentile":357},"2026-01-04",0.9651,{"date":359,"score":324,"percentile":357},"2026-01-05",{"date":361,"score":324,"percentile":344},"2026-01-06",{"date":363,"score":324,"percentile":364},"2026-01-07",0.96513,{"date":366,"score":324,"percentile":367},"2026-01-08",0.96516,{"date":369,"score":324,"percentile":370},"2026-01-09",0.96518,{"date":372,"score":324,"percentile":373},"2026-01-10",0.9652,{"date":375,"score":324,"percentile":376},"2026-01-11",0.96521,{"date":378,"score":324,"percentile":376},"2026-01-12",{"date":380,"score":324,"percentile":376},"2026-01-13",{"date":382,"score":324,"percentile":383},"2026-01-14",0.96526,{"date":385,"score":324,"percentile":386},"2026-01-15",0.96528,{"date":388,"score":324,"percentile":389},"2026-01-16",0.96531,{"date":391,"score":324,"percentile":392},"2026-01-17",0.96532,{"date":394,"score":324,"percentile":395},"2026-01-18",0.96533,{"date":397,"score":324,"percentile":392},"2026-01-19",{"date":399,"score":324,"percentile":395},"2026-01-20",{"date":401,"score":324,"percentile":402},"2026-01-21",0.96534,{"date":404,"score":324,"percentile":405},"2026-01-22",0.96535,{"date":407,"score":324,"percentile":408},"2026-01-23",0.9654,{"date":410,"score":324,"percentile":411},"2026-01-24",0.96541,{"date":413,"score":324,"percentile":414},"2026-01-25",0.96542,{"date":416,"score":324,"percentile":414},"2026-01-26",{"date":418,"score":324,"percentile":414},"2026-01-27",{"date":420,"score":324,"percentile":421},"2026-01-28",0.96544,{"date":423,"score":324,"percentile":424},"2026-01-29",0.96545,{"date":426,"score":324,"percentile":421},"2026-01-30",{"date":428,"score":324,"percentile":429},"2026-01-31",0.96546,{"date":431,"score":347,"percentile":432},"2026-02-01",0.96049,[434,443],{"source":86,"cvss_v2_0":435,"cvss_v3_0":9,"cvss_v3_1":440,"cvss_v4_0":9},{"baseScore":436,"baseSeverity":9,"vectorString":437,"impactScore":438,"exploitabilityScore":439},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":84,"baseSeverity":441,"vectorString":87,"impactScore":442,"exploitabilityScore":439},"MEDIUM",2.3,{"source":98,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":444,"cvss_v4_0":445},{"baseScore":84,"baseSeverity":9,"vectorString":87,"impactScore":442,"exploitabilityScore":439},{"baseScore":446,"baseSeverity":9,"vectorString":447,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",[449,471,478,484],{"ecosystem":9,"name":450,"vendor":451,"product":452,"cpe_part":453,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":454},"Django","djangoproject","django","a",[455,463,467],{"version":456,"is_range":457,"range_type":458,"version_start":459,"version_start_type":460,"version_end":461,"version_end_type":462,"fixed_in":9},"gte2.2_lt2.2.18",true,"cpe","2.2","including","2.2.18","excluding",{"version":464,"is_range":457,"range_type":458,"version_start":465,"version_start_type":460,"version_end":466,"version_end_type":462,"fixed_in":9},"gte3.0_lt3.0.12","3.0","3.0.12",{"version":468,"is_range":457,"range_type":458,"version_start":469,"version_start_type":460,"version_end":470,"version_end_type":462,"fixed_in":9},"gte3.1_lt3.1.6","3.1","3.1.6",{"ecosystem":9,"name":472,"vendor":473,"product":472,"cpe_part":474,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":475},"fedora","fedoraproject","o",[476],{"version":477,"is_range":80,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33",{"ecosystem":9,"name":479,"vendor":480,"product":479,"cpe_part":453,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"snapcenter","netapp",[482],{"version":483,"is_range":80,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":485,"name":452,"vendor":485,"product":452,"cpe_part":9,"purl_type":486,"purl_namespace":9,"purl_name":452,"source":9,"versions":487},"PyPI","pypi",[488,491,493],{"version":489,"is_range":457,"range_type":490,"version_start":459,"version_start_type":460,"version_end":461,"version_end_type":462,"fixed_in":9},"gte2_2_lt2_2_18","ecosystem",{"version":492,"is_range":457,"range_type":490,"version_start":465,"version_start_type":460,"version_end":466,"version_end_type":462,"fixed_in":9},"gte3_0_lt3_0_12",{"version":494,"is_range":457,"range_type":490,"version_start":469,"version_start_type":460,"version_end":470,"version_end_type":462,"fixed_in":9},"gte3_1_lt3_1_6"]