[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-35042":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":49,"downstream":50,"duplicates":61,"related":62,"reserved_at":9,"published_at":68,"modified_at":69,"state":70,"summary":71,"references_raw":79,"kevs":165,"epss":166,"epss_history":169,"metrics":427,"affected":441},"CVE-2021-35042","Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-109","Object Relational Mapping Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-110","SQL Injection through SOAP Parameter Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-470","Expanding Control over the Operating System from the Database",[],{"id":37,"name":38,"techniques":39},"CAPEC-66","SQL Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-7","Blind SQL Injection",[],[],[46,47,48],"GHSA-xpfp-f569-q3p2","BIT-django-2021-35042","PYSEC-2021-109",[],[51,53,55,57,59],{"_key":52},"OPENSUSE-SU-2024:11205-1",{"_key":54},"OPENSUSE-SU-2024:13887-1",{"_key":56},"OPENSUSE-SU-2024:14208-1",{"_key":58},"OPENSUSE-SU-2026:10005-1",{"_key":60},"MGASA-2021-0356",[],[63,64,65,66,67],{"_key":60},{"_key":52},{"_key":54},{"_key":56},{"_key":58},"2021-07-02T09:54:11.000Z","2024-08-04T00:33:49.895Z","Modified",{"cisa_kev":72,"cisa_ransomware":72,"cisa_vendor":9,"epss_severity":73,"epss_score":74,"severity":73,"severity_score":75,"severity_version":76,"severity_source":77,"severity_vector":78,"severity_status":70},false,"critical",0.909,9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[80,86,94,101,106,110,115,120,124,128,132,136,140,145,149,153,157,161],{"url":81,"sources":82,"tags":84},"https://groups.google.com/forum/#%21forum/django-announce",[83,77],"cve.org",[85],"X Refsource MISC",{"url":87,"sources":88,"tags":90},"https://docs.djangoproject.com/en/3.2/releases/security/",[83,77,89],"osv_pypi",[85,91,92,93],"Patch","Vendor Advisory","WEB",{"url":95,"sources":96,"tags":97},"https://www.openwall.com/lists/oss-security/2021/07/02/2",[83,77,89],[98,99,91,100,93],"X Refsource CONFIRM","Mailing List","Third Party Advisory",{"url":102,"sources":103,"tags":104},"https://www.djangoproject.com/weblog/2021/jul/01/security-releases/",[83,77,89],[98,91,92,105],"ARTICLE",{"url":107,"sources":108,"tags":109},"https://security.netapp.com/advisory/ntap-20210805-0008/",[83,77],[98,100],{"url":111,"sources":112,"tags":113},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y/",[83,77],[92,114],"X Refsource FEDORA",{"url":116,"sources":117,"tags":118},"https://nvd.nist.gov/vuln/detail/CVE-2021-35042",[89],[119],"Advisory",{"url":121,"sources":122,"tags":123},"https://github.com/django/django/commit/0bd57a879a0d54920bb9038a732645fb917040e9",[89],[93],{"url":125,"sources":126,"tags":127},"https://github.com/django/django/commit/a34a5f724c5d5adb2109374ba3989ebb7b11f81f",[89],[93],{"url":129,"sources":130,"tags":131},"https://github.com/django/django/commit/dae83a24519d6f284c74414e0b81d64d9b5a0db4",[89],[93],{"url":133,"sources":134,"tags":135},"https://docs.djangoproject.com/en/3.2/releases/security",[89],[93],{"url":137,"sources":138,"tags":139},"https://github.com/advisories/GHSA-xpfp-f569-q3p2",[89],[119],{"url":141,"sources":142,"tags":143},"https://github.com/django/django",[89],[144],"PACKAGE",{"url":146,"sources":147,"tags":148},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-109.yaml",[89],[93],{"url":150,"sources":151,"tags":152},"https://groups.google.com/forum/#!forum/django-announce",[89],[93],{"url":154,"sources":155,"tags":156},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y",[89],[93],{"url":158,"sources":159,"tags":160},"https://security.netapp.com/advisory/ntap-20210805-0008",[89],[93],{"url":162,"sources":163,"tags":164},"https://www.djangoproject.com/weblog/2021/jul/01/security-releases",[89],[93],[],{"date":167,"score":74,"percentile":168},"2026-06-04",0.99646,[170,174,177,180,183,186,189,191,193,196,199,202,205,208,211,215,218,221,224,226,229,232,235,237,240,243,246,250,254,257,259,262,264,266,269,272,275,278,281,283,286,289,292,295,298,302,305,307,310,312,314,317,320,323,326,329,332,334,338,342,345,347,349,351,353,356,360,363,366,369,371,374,377,380,383,386,390,393,397,400,402,405,407,409,412,415,417,419,421,423],{"date":171,"score":172,"percentile":173},"2025-11-04",0.06963,0.91023,{"date":175,"score":172,"percentile":176},"2025-11-05",0.91022,{"date":178,"score":172,"percentile":179},"2025-11-06",0.91024,{"date":181,"score":172,"percentile":182},"2025-11-07",0.91031,{"date":184,"score":172,"percentile":185},"2025-11-08",0.9103,{"date":187,"score":172,"percentile":188},"2025-11-09",0.91028,{"date":190,"score":172,"percentile":188},"2025-11-10",{"date":192,"score":172,"percentile":182},"2025-11-11",{"date":194,"score":172,"percentile":195},"2025-11-12",0.91035,{"date":197,"score":172,"percentile":198},"2025-11-13",0.91037,{"date":200,"score":172,"percentile":201},"2025-11-14",0.91039,{"date":203,"score":172,"percentile":204},"2025-11-15",0.91036,{"date":206,"score":172,"percentile":207},"2025-11-16",0.91043,{"date":209,"score":172,"percentile":210},"2025-11-17",0.9104,{"date":212,"score":213,"percentile":214},"2025-11-18",0.23617,0.95631,{"date":216,"score":213,"percentile":217},"2025-11-19",0.95632,{"date":219,"score":213,"percentile":220},"2025-11-20",0.95634,{"date":222,"score":172,"percentile":223},"2025-11-21",0.91046,{"date":225,"score":172,"percentile":223},"2025-11-22",{"date":227,"score":172,"percentile":228},"2025-11-23",0.91049,{"date":230,"score":172,"percentile":231},"2025-11-24",0.9105,{"date":233,"score":172,"percentile":234},"2025-11-25",0.91052,{"date":236,"score":172,"percentile":234},"2025-11-26",{"date":238,"score":172,"percentile":239},"2025-11-27",0.91051,{"date":241,"score":172,"percentile":242},"2025-11-28",0.91044,{"date":244,"score":172,"percentile":245},"2025-11-29",0.91074,{"date":247,"score":248,"percentile":249},"2025-11-30",0.14958,0.94281,{"date":251,"score":252,"percentile":253},"2025-12-01",0.13223,0.93911,{"date":255,"score":252,"percentile":256},"2025-12-02",0.93912,{"date":258,"score":252,"percentile":256},"2025-12-03",{"date":260,"score":248,"percentile":261},"2025-12-04",0.94278,{"date":263,"score":248,"percentile":249},"2025-12-05",{"date":265,"score":248,"percentile":249},"2025-12-06",{"date":267,"score":248,"percentile":268},"2025-12-07",0.94287,{"date":270,"score":248,"percentile":271},"2025-12-08",0.94288,{"date":273,"score":248,"percentile":274},"2025-12-09",0.94293,{"date":276,"score":248,"percentile":277},"2025-12-10",0.94301,{"date":279,"score":248,"percentile":280},"2025-12-11",0.94305,{"date":282,"score":248,"percentile":280},"2025-12-12",{"date":284,"score":248,"percentile":285},"2025-12-13",0.94304,{"date":287,"score":248,"percentile":288},"2025-12-14",0.94302,{"date":290,"score":248,"percentile":291},"2025-12-15",0.94306,{"date":293,"score":248,"percentile":294},"2025-12-16",0.94309,{"date":296,"score":248,"percentile":297},"2025-12-17",0.94312,{"date":299,"score":300,"percentile":301},"2025-12-18",0.38424,0.9708,{"date":303,"score":300,"percentile":304},"2025-12-19",0.97082,{"date":306,"score":300,"percentile":304},"2025-12-20",{"date":308,"score":300,"percentile":309},"2025-12-21",0.97081,{"date":311,"score":300,"percentile":309},"2025-12-22",{"date":313,"score":300,"percentile":304},"2025-12-23",{"date":315,"score":300,"percentile":316},"2025-12-24",0.97085,{"date":318,"score":300,"percentile":319},"2025-12-25",0.97089,{"date":321,"score":300,"percentile":322},"2025-12-26",0.97091,{"date":324,"score":300,"percentile":325},"2025-12-27",0.97119,{"date":327,"score":300,"percentile":328},"2025-12-28",0.97092,{"date":330,"score":300,"percentile":331},"2025-12-29",0.97093,{"date":333,"score":300,"percentile":331},"2025-12-30",{"date":335,"score":336,"percentile":337},"2025-12-31",0.32144,0.96669,{"date":339,"score":340,"percentile":341},"2026-01-01",0.28538,0.96396,{"date":343,"score":340,"percentile":344},"2026-01-02",0.96393,{"date":346,"score":340,"percentile":344},"2026-01-03",{"date":348,"score":336,"percentile":337},"2026-01-04",{"date":350,"score":336,"percentile":337},"2026-01-05",{"date":352,"score":336,"percentile":337},"2026-01-06",{"date":354,"score":300,"percentile":355},"2026-01-07",0.971,{"date":357,"score":358,"percentile":359},"2026-01-08",0.35237,0.96895,{"date":361,"score":358,"percentile":362},"2026-01-09",0.96898,{"date":364,"score":358,"percentile":365},"2026-01-10",0.96899,{"date":367,"score":358,"percentile":368},"2026-01-11",0.969,{"date":370,"score":358,"percentile":368},"2026-01-12",{"date":372,"score":358,"percentile":373},"2026-01-13",0.96901,{"date":375,"score":358,"percentile":376},"2026-01-14",0.96903,{"date":378,"score":358,"percentile":379},"2026-01-15",0.96904,{"date":381,"score":358,"percentile":382},"2026-01-16",0.96907,{"date":384,"score":358,"percentile":385},"2026-01-17",0.9691,{"date":387,"score":388,"percentile":389},"2026-01-18",0.86184,0.99377,{"date":391,"score":388,"percentile":392},"2026-01-19",0.99376,{"date":394,"score":395,"percentile":396},"2026-01-20",0.87426,0.99435,{"date":398,"score":395,"percentile":399},"2026-01-21",0.99434,{"date":401,"score":395,"percentile":399},"2026-01-22",{"date":403,"score":395,"percentile":404},"2026-01-23",0.99436,{"date":406,"score":395,"percentile":404},"2026-01-24",{"date":408,"score":395,"percentile":404},"2026-01-25",{"date":410,"score":395,"percentile":411},"2026-01-26",0.99437,{"date":413,"score":395,"percentile":414},"2026-01-27",0.99438,{"date":416,"score":395,"percentile":414},"2026-01-28",{"date":418,"score":395,"percentile":414},"2026-01-29",{"date":420,"score":395,"percentile":411},"2026-01-30",{"date":422,"score":395,"percentile":414},"2026-01-31",{"date":424,"score":425,"percentile":426},"2026-02-01",0.86438,0.99403,[428,436],{"source":77,"cvss_v2_0":429,"cvss_v3_0":9,"cvss_v3_1":434,"cvss_v4_0":9},{"baseScore":430,"baseSeverity":9,"vectorString":431,"impactScore":432,"exploitabilityScore":433},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":75,"baseSeverity":435,"vectorString":78,"impactScore":75,"exploitabilityScore":433},"CRITICAL",{"source":89,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":437,"cvss_v4_0":438},{"baseScore":75,"baseSeverity":9,"vectorString":78,"impactScore":75,"exploitabilityScore":433},{"baseScore":439,"baseSeverity":9,"vectorString":440,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[442,460,467],{"ecosystem":9,"name":443,"vendor":444,"product":445,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":447},"Django","djangoproject","django","a",[448,456],{"version":449,"is_range":450,"range_type":451,"version_start":452,"version_start_type":453,"version_end":454,"version_end_type":455,"fixed_in":9},"gte3.1_lt3.1.13",true,"cpe","3.1","including","3.1.13","excluding",{"version":457,"is_range":450,"range_type":451,"version_start":458,"version_start_type":453,"version_end":459,"version_end_type":455,"fixed_in":9},"gte3.2_lt3.2.5","3.2","3.2.5",{"ecosystem":9,"name":461,"vendor":462,"product":461,"cpe_part":463,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":464},"fedora","fedoraproject","o",[465],{"version":466,"is_range":72,"range_type":451,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34",{"ecosystem":468,"name":445,"vendor":468,"product":445,"cpe_part":9,"purl_type":469,"purl_namespace":9,"purl_name":445,"source":9,"versions":470},"PyPI","pypi",[471,475,478],{"version":472,"is_range":450,"range_type":473,"version_start":474,"version_start_type":453,"version_end":459,"version_end_type":455,"fixed_in":9},"gte3_2a1_lt3_2_5","ecosystem","3.2a1",{"version":476,"is_range":450,"range_type":473,"version_start":477,"version_start_type":453,"version_end":454,"version_end_type":455,"fixed_in":9},"gte3_0a1_lt3_1_13","3.0a1",{"version":479,"is_range":450,"range_type":473,"version_start":458,"version_start_type":453,"version_end":459,"version_end_type":455,"fixed_in":9},"gte3_2_lt3_2_5"]