[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-33571":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":28,"downstream":29,"duplicates":64,"related":65,"reserved_at":9,"published_at":75,"modified_at":76,"state":77,"summary":78,"references_raw":87,"kevs":166,"epss":167,"epss_history":170,"metrics":433,"affected":448},"CVE-2021-33571","In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-918","Server-Side Request Forgery (SSRF)","The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.","weakness","Incomplete","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-664","Server Side Request Forgery",[],[],[25,26,27],"GHSA-p99v-5w3c-jqq9","BIT-django-2021-33571","PYSEC-2021-99",[],[30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62],{"_key":31},"RHSA-2021:3490",{"_key":33},"RHSA-2021:5070",{"_key":35},"SUSE-SU-2021:1962-1",{"_key":37},"SUSE-SU-2021:1963-1",{"_key":39},"SUSE-SU-2021:2554-1",{"_key":41},"UBUNTU-CVE-2021-33571",{"_key":43},"USN-4975-1",{"_key":45},"OPENSUSE-SU-2023:0005-1",{"_key":47},"OPENSUSE-SU-2024:11205-1",{"_key":49},"OPENSUSE-SU-2024:13887-1",{"_key":51},"OPENSUSE-SU-2024:14208-1",{"_key":53},"DLA-2676-1",{"_key":55},"DLA-3744-1",{"_key":57},"OPENSUSE-SU-2026:10005-1",{"_key":59},"MGASA-2021-0356",{"_key":61},"DEBIAN-CVE-2021-33571",{"_key":63},"RHSA-2021:4702",[],[66,67,68,69,70,71,72,73,74],{"_key":59},{"_key":35},{"_key":37},{"_key":39},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":57},"2021-06-08T00:00:00.000Z","2024-08-03T23:50:43.143Z","Modified",{"cisa_kev":79,"cisa_ransomware":79,"cisa_vendor":9,"epss_severity":80,"epss_score":81,"severity":82,"severity_score":83,"severity_version":84,"severity_source":85,"severity_vector":86,"severity_status":77},false,"low",0.00015,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[88,97,103,108,112,116,120,124,128,133,137,141,146,150,154,158,162],{"url":89,"sources":90,"tags":93},"https://docs.djangoproject.com/en/3.2/releases/security/",[91,85,92],"cve.org","osv_pypi",[94,95,96],"Patch","Vendor Advisory","WEB",{"url":98,"sources":99,"tags":100},"https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo",[91,85,92],[101,102,96],"Mailing List","Third Party Advisory",{"url":104,"sources":105,"tags":106},"https://www.djangoproject.com/weblog/2021/jun/02/security-releases/",[91,85,92],[94,95,107],"ARTICLE",{"url":109,"sources":110,"tags":111},"https://security.netapp.com/advisory/ntap-20210727-0004/",[91,85],[102],{"url":113,"sources":114,"tags":115},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/",[91,85],[95],{"url":117,"sources":118,"tags":119},"https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc",[91,85,92],[96],{"url":121,"sources":122,"tags":123},"https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e",[91,85,92],[96],{"url":125,"sources":126,"tags":127},"https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d",[91,85,92],[96],{"url":129,"sources":130,"tags":131},"https://nvd.nist.gov/vuln/detail/CVE-2021-33571",[92],[132],"Advisory",{"url":134,"sources":135,"tags":136},"https://docs.djangoproject.com/en/3.2/releases/security",[92],[96],{"url":138,"sources":139,"tags":140},"https://github.com/advisories/GHSA-p99v-5w3c-jqq9",[92],[132],{"url":142,"sources":143,"tags":144},"https://github.com/django/django",[92],[145],"PACKAGE",{"url":147,"sources":148,"tags":149},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-99.yaml",[92],[96],{"url":151,"sources":152,"tags":153},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV",[92],[96],{"url":155,"sources":156,"tags":157},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV",[92],[96],{"url":159,"sources":160,"tags":161},"https://security.netapp.com/advisory/ntap-20210727-0004",[92],[96],{"url":163,"sources":164,"tags":165},"https://www.djangoproject.com/weblog/2021/jun/02/security-releases",[92],[96],[],{"date":168,"score":81,"percentile":169},"2026-06-04",0.03132,[171,175,178,181,184,187,190,193,196,200,203,206,209,212,215,219,222,225,228,231,234,237,240,243,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,295,298,301,304,307,310,312,315,318,321,323,327,329,331,333,336,338,341,344,346,349,352,355,358,361,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,409,412,415,418,421,424,427,429,431],{"date":172,"score":173,"percentile":174},"2025-11-04",0.00016,0.02584,{"date":176,"score":173,"percentile":177},"2025-11-05",0.0261,{"date":179,"score":173,"percentile":180},"2025-11-06",0.02636,{"date":182,"score":173,"percentile":183},"2025-11-07",0.02648,{"date":185,"score":173,"percentile":186},"2025-11-08",0.02655,{"date":188,"score":173,"percentile":189},"2025-11-09",0.02657,{"date":191,"score":173,"percentile":192},"2025-11-10",0.0263,{"date":194,"score":173,"percentile":195},"2025-11-11",0.02645,{"date":197,"score":198,"percentile":199},"2025-11-12",0.00018,0.03223,{"date":201,"score":198,"percentile":202},"2025-11-13",0.03254,{"date":204,"score":198,"percentile":205},"2025-11-14",0.03268,{"date":207,"score":198,"percentile":208},"2025-11-15",0.03297,{"date":210,"score":198,"percentile":211},"2025-11-16",0.03295,{"date":213,"score":198,"percentile":214},"2025-11-17",0.03282,{"date":216,"score":217,"percentile":218},"2025-11-18",0.00521,0.64302,{"date":220,"score":217,"percentile":221},"2025-11-19",0.64311,{"date":223,"score":217,"percentile":224},"2025-11-20",0.64308,{"date":226,"score":198,"percentile":227},"2025-11-21",0.03388,{"date":229,"score":198,"percentile":230},"2025-11-22",0.03393,{"date":232,"score":198,"percentile":233},"2025-11-23",0.03389,{"date":235,"score":198,"percentile":236},"2025-11-24",0.03369,{"date":238,"score":198,"percentile":239},"2025-11-25",0.03367,{"date":241,"score":198,"percentile":242},"2025-11-26",0.03378,{"date":244,"score":198,"percentile":230},"2025-11-27",{"date":246,"score":198,"percentile":247},"2025-11-28",0.03394,{"date":249,"score":198,"percentile":250},"2025-11-29",0.03439,{"date":252,"score":198,"percentile":253},"2025-11-30",0.03441,{"date":255,"score":198,"percentile":256},"2025-12-01",0.03537,{"date":258,"score":198,"percentile":259},"2025-12-02",0.03549,{"date":261,"score":198,"percentile":262},"2025-12-03",0.0356,{"date":264,"score":198,"percentile":265},"2025-12-04",0.035,{"date":267,"score":198,"percentile":268},"2025-12-05",0.03547,{"date":270,"score":198,"percentile":271},"2025-12-06",0.03561,{"date":273,"score":198,"percentile":274},"2025-12-07",0.03565,{"date":276,"score":198,"percentile":277},"2025-12-08",0.03563,{"date":279,"score":198,"percentile":280},"2025-12-09",0.03588,{"date":282,"score":198,"percentile":283},"2025-12-10",0.03625,{"date":285,"score":198,"percentile":286},"2025-12-11",0.03616,{"date":288,"score":198,"percentile":289},"2025-12-12",0.03631,{"date":291,"score":198,"percentile":292},"2025-12-13",0.03636,{"date":294,"score":198,"percentile":292},"2025-12-14",{"date":296,"score":198,"percentile":297},"2025-12-15",0.03617,{"date":299,"score":198,"percentile":300},"2025-12-16",0.03635,{"date":302,"score":198,"percentile":303},"2025-12-17",0.03657,{"date":305,"score":198,"percentile":306},"2025-12-18",0.03676,{"date":308,"score":198,"percentile":309},"2025-12-19",0.0366,{"date":311,"score":198,"percentile":303},"2025-12-20",{"date":313,"score":198,"percentile":314},"2025-12-21",0.03677,{"date":316,"score":198,"percentile":317},"2025-12-22",0.03655,{"date":319,"score":198,"percentile":320},"2025-12-23",0.03665,{"date":322,"score":198,"percentile":309},"2025-12-24",{"date":324,"score":325,"percentile":326},"2025-12-25",0.00017,0.03403,{"date":328,"score":325,"percentile":326},"2025-12-26",{"date":330,"score":325,"percentile":227},"2025-12-27",{"date":332,"score":325,"percentile":326},"2025-12-28",{"date":334,"score":325,"percentile":335},"2025-12-29",0.03395,{"date":337,"score":325,"percentile":242},"2025-12-30",{"date":339,"score":325,"percentile":340},"2025-12-31",0.03371,{"date":342,"score":325,"percentile":343},"2026-01-01",0.0345,{"date":345,"score":325,"percentile":253},"2026-01-02",{"date":347,"score":325,"percentile":348},"2026-01-03",0.03435,{"date":350,"score":198,"percentile":351},"2026-01-04",0.04006,{"date":353,"score":198,"percentile":354},"2026-01-05",0.03967,{"date":356,"score":198,"percentile":357},"2026-01-06",0.0396,{"date":359,"score":198,"percentile":360},"2026-01-07",0.03986,{"date":362,"score":198,"percentile":363},"2026-01-08",0.0402,{"date":365,"score":198,"percentile":366},"2026-01-09",0.04021,{"date":368,"score":198,"percentile":369},"2026-01-10",0.0403,{"date":371,"score":198,"percentile":372},"2026-01-11",0.04009,{"date":374,"score":198,"percentile":375},"2026-01-12",0.04007,{"date":377,"score":198,"percentile":378},"2026-01-13",0.04001,{"date":380,"score":198,"percentile":381},"2026-01-14",0.04037,{"date":383,"score":198,"percentile":384},"2026-01-15",0.03963,{"date":386,"score":198,"percentile":387},"2026-01-16",0.03936,{"date":389,"score":198,"percentile":390},"2026-01-17",0.03938,{"date":392,"score":198,"percentile":393},"2026-01-18",0.03914,{"date":395,"score":198,"percentile":396},"2026-01-19",0.03869,{"date":398,"score":198,"percentile":399},"2026-01-20",0.03839,{"date":401,"score":198,"percentile":402},"2026-01-21",0.03829,{"date":404,"score":198,"percentile":405},"2026-01-22",0.03833,{"date":407,"score":198,"percentile":408},"2026-01-23",0.03878,{"date":410,"score":198,"percentile":411},"2026-01-24",0.03913,{"date":413,"score":198,"percentile":414},"2026-01-25",0.039,{"date":416,"score":198,"percentile":417},"2026-01-26",0.03885,{"date":419,"score":198,"percentile":420},"2026-01-27",0.03871,{"date":422,"score":198,"percentile":423},"2026-01-28",0.03856,{"date":425,"score":198,"percentile":426},"2026-01-29",0.03877,{"date":428,"score":198,"percentile":408},"2026-01-30",{"date":430,"score":198,"percentile":423},"2026-01-31",{"date":432,"score":198,"percentile":384},"2026-02-01",[434,443],{"source":85,"cvss_v2_0":435,"cvss_v3_0":9,"cvss_v3_1":440,"cvss_v4_0":9},{"baseScore":436,"baseSeverity":9,"vectorString":437,"impactScore":438,"exploitabilityScore":439},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":83,"baseSeverity":441,"vectorString":86,"impactScore":442,"exploitabilityScore":439},"HIGH",6,{"source":92,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":444,"cvss_v4_0":445},{"baseScore":83,"baseSeverity":9,"vectorString":86,"impactScore":442,"exploitabilityScore":439},{"baseScore":446,"baseSeverity":9,"vectorString":447,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",[449,471,478],{"ecosystem":9,"name":450,"vendor":451,"product":452,"cpe_part":453,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":454},"Django","djangoproject","django","a",[455,463,467],{"version":456,"is_range":457,"range_type":458,"version_start":459,"version_start_type":460,"version_end":461,"version_end_type":462,"fixed_in":9},"gte2.2_lt2.2.24",true,"cpe","2.2","including","2.2.24","excluding",{"version":464,"is_range":457,"range_type":458,"version_start":465,"version_start_type":460,"version_end":466,"version_end_type":462,"fixed_in":9},"gte3.0_lt3.1.12","3.0","3.1.12",{"version":468,"is_range":457,"range_type":458,"version_start":469,"version_start_type":460,"version_end":470,"version_end_type":462,"fixed_in":9},"gte3.2_lt3.2.4","3.2","3.2.4",{"ecosystem":9,"name":472,"vendor":473,"product":472,"cpe_part":474,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":475},"fedora","fedoraproject","o",[476],{"version":477,"is_range":79,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35",{"ecosystem":479,"name":452,"vendor":479,"product":452,"cpe_part":9,"purl_type":480,"purl_namespace":9,"purl_name":452,"source":9,"versions":481},"PyPI","pypi",[482,486,489,492],{"version":483,"is_range":457,"range_type":484,"version_start":485,"version_start_type":460,"version_end":461,"version_end_type":462,"fixed_in":9},"gte2_2a1_lt2_2_24","ecosystem","2.2a1",{"version":487,"is_range":457,"range_type":484,"version_start":488,"version_start_type":460,"version_end":466,"version_end_type":462,"fixed_in":9},"gte3_0a1_lt3_1_12","3.0a1",{"version":490,"is_range":457,"range_type":484,"version_start":491,"version_start_type":460,"version_end":470,"version_end_type":462,"fixed_in":9},"gte3_2a1_lt3_2_4","3.2a1",{"version":493,"is_range":457,"range_type":484,"version_start":469,"version_start_type":460,"version_end":470,"version_end_type":462,"fixed_in":9},"gte3_2_lt3_2_4"]