[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-44420":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":23,"downstream":24,"duplicates":43,"related":44,"reserved_at":9,"published_at":49,"modified_at":50,"state":51,"summary":52,"references_raw":61,"kevs":139,"epss":140,"epss_history":143,"metrics":412,"affected":427},"CVE-2021-44420","In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],[],[20,21,22],"GHSA-v6rh-hp5x-86rv","BIT-django-2021-44420","PYSEC-2021-439",[],[25,27,29,31,33,35,37,39,41],{"_key":26},"UBUNTU-CVE-2021-44420",{"_key":28},"USN-5178-1",{"_key":30},"OPENSUSE-SU-2023:0005-1",{"_key":32},"OPENSUSE-SU-2024:11791-1",{"_key":34},"OPENSUSE-SU-2025:14702-1",{"_key":36},"RHSA-2023:0742",{"_key":38},"MGASA-2021-0552",{"_key":40},"DEBIAN-CVE-2021-44420",{"_key":42},"RHSA-2022:5498",[],[45,46,47,48],{"_key":30},{"_key":32},{"_key":34},{"_key":38},"2021-12-07T22:55:40.000Z","2024-08-04T04:17:25.193Z","Modified",{"cisa_kev":53,"cisa_ransomware":53,"cisa_vendor":9,"epss_severity":54,"epss_score":55,"severity":56,"severity_score":57,"severity_version":58,"severity_source":59,"severity_vector":60,"severity_status":51},false,"low",0.0012,"high",7.5,"v2.0","nvd","AV:N/AC:L/Au:N/C:P/I:P/A:P",[62,68,76,83,88,92,97,102,106,110,114,119,123,127,131,135],{"url":63,"sources":64,"tags":66},"https://groups.google.com/forum/#%21forum/django-announce",[65,59],"cve.org",[67],"X Refsource MISC",{"url":69,"sources":70,"tags":72},"https://docs.djangoproject.com/en/3.2/releases/security/",[65,59,71],"osv_pypi",[67,73,74,75],"Patch","Vendor Advisory","WEB",{"url":77,"sources":78,"tags":79},"https://www.openwall.com/lists/oss-security/2021/12/07/1",[65,59,71],[80,81,73,82,75],"X Refsource CONFIRM","Mailing List","Third Party Advisory",{"url":84,"sources":85,"tags":86},"https://www.djangoproject.com/weblog/2021/dec/07/security-releases/",[65,59,71],[80,73,74,87],"ARTICLE",{"url":89,"sources":90,"tags":91},"https://security.netapp.com/advisory/ntap-20211229-0006/",[65,59],[80,82],{"url":93,"sources":94,"tags":95},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/",[65,59],[74,96],"X Refsource FEDORA",{"url":98,"sources":99,"tags":100},"https://nvd.nist.gov/vuln/detail/CVE-2021-44420",[71],[101],"Advisory",{"url":103,"sources":104,"tags":105},"https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6",[71],[75],{"url":107,"sources":108,"tags":109},"https://docs.djangoproject.com/en/3.2/releases/security",[71],[75],{"url":111,"sources":112,"tags":113},"https://github.com/advisories/GHSA-v6rh-hp5x-86rv",[71],[101],{"url":115,"sources":116,"tags":117},"https://github.com/django/django",[71],[118],"PACKAGE",{"url":120,"sources":121,"tags":122},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-439.yaml",[71],[75],{"url":124,"sources":125,"tags":126},"https://groups.google.com/forum/#!forum/django-announce",[71],[75],{"url":128,"sources":129,"tags":130},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV",[71],[75],{"url":132,"sources":133,"tags":134},"https://security.netapp.com/advisory/ntap-20211229-0006",[71],[75],{"url":136,"sources":137,"tags":138},"https://www.djangoproject.com/weblog/2021/dec/07/security-releases",[71],[75],[],{"date":141,"score":55,"percentile":142},"2026-06-04",0.30471,[144,148,151,154,157,160,163,166,169,173,176,179,181,184,187,191,194,197,200,203,206,209,213,216,219,222,225,228,231,234,237,240,243,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,298,301,303,307,310,313,316,319,322,325,328,331,334,337,340,343,346,348,351,354,357,359,362,365,368,370,372,375,378,381,385,388,391,394,397,400,403,406,409],{"date":145,"score":146,"percentile":147},"2025-11-04",0.00134,0.33838,{"date":149,"score":146,"percentile":150},"2025-11-05",0.33823,{"date":152,"score":146,"percentile":153},"2025-11-06",0.33825,{"date":155,"score":146,"percentile":156},"2025-11-07",0.33844,{"date":158,"score":146,"percentile":159},"2025-11-08",0.3384,{"date":161,"score":146,"percentile":162},"2025-11-09",0.33816,{"date":164,"score":146,"percentile":165},"2025-11-10",0.33763,{"date":167,"score":146,"percentile":168},"2025-11-11",0.33789,{"date":170,"score":171,"percentile":172},"2025-11-12",0.00146,0.35553,{"date":174,"score":171,"percentile":175},"2025-11-13",0.35567,{"date":177,"score":171,"percentile":178},"2025-11-14",0.35571,{"date":180,"score":171,"percentile":178},"2025-11-15",{"date":182,"score":171,"percentile":183},"2025-11-16",0.35551,{"date":185,"score":171,"percentile":186},"2025-11-17",0.35525,{"date":188,"score":189,"percentile":190},"2025-11-18",0.01606,0.80208,{"date":192,"score":189,"percentile":193},"2025-11-19",0.80212,{"date":195,"score":189,"percentile":196},"2025-11-20",0.80218,{"date":198,"score":171,"percentile":199},"2025-11-21",0.35543,{"date":201,"score":171,"percentile":202},"2025-11-22",0.35546,{"date":204,"score":171,"percentile":205},"2025-11-23",0.35514,{"date":207,"score":171,"percentile":208},"2025-11-24",0.35491,{"date":210,"score":211,"percentile":212},"2025-11-25",0.00137,0.34216,{"date":214,"score":211,"percentile":215},"2025-11-26",0.34215,{"date":217,"score":211,"percentile":218},"2025-11-27",0.34224,{"date":220,"score":211,"percentile":221},"2025-11-28",0.34205,{"date":223,"score":211,"percentile":224},"2025-11-29",0.34189,{"date":226,"score":211,"percentile":227},"2025-11-30",0.34169,{"date":229,"score":211,"percentile":230},"2025-12-01",0.3427,{"date":232,"score":211,"percentile":233},"2025-12-02",0.34284,{"date":235,"score":211,"percentile":236},"2025-12-03",0.34282,{"date":238,"score":211,"percentile":239},"2025-12-04",0.34175,{"date":241,"score":211,"percentile":242},"2025-12-05",0.34207,{"date":244,"score":211,"percentile":242},"2025-12-06",{"date":246,"score":211,"percentile":247},"2025-12-07",0.34183,{"date":249,"score":211,"percentile":250},"2025-12-08",0.34195,{"date":252,"score":211,"percentile":253},"2025-12-09",0.34236,{"date":255,"score":211,"percentile":256},"2025-12-10",0.34289,{"date":258,"score":211,"percentile":259},"2025-12-11",0.3431,{"date":261,"score":211,"percentile":262},"2025-12-12",0.34339,{"date":264,"score":211,"percentile":265},"2025-12-13",0.34321,{"date":267,"score":211,"percentile":268},"2025-12-14",0.34294,{"date":270,"score":211,"percentile":271},"2025-12-15",0.34253,{"date":273,"score":211,"percentile":274},"2025-12-16",0.3428,{"date":276,"score":211,"percentile":277},"2025-12-17",0.34331,{"date":279,"score":211,"percentile":280},"2025-12-18",0.34381,{"date":282,"score":211,"percentile":283},"2025-12-19",0.34404,{"date":285,"score":211,"percentile":286},"2025-12-20",0.34387,{"date":288,"score":211,"percentile":289},"2025-12-21",0.34332,{"date":291,"score":211,"percentile":292},"2025-12-22",0.34302,{"date":294,"score":211,"percentile":295},"2025-12-23",0.34296,{"date":297,"score":211,"percentile":256},"2025-12-24",{"date":299,"score":211,"percentile":300},"2025-12-25",0.34353,{"date":302,"score":211,"percentile":277},"2025-12-26",{"date":304,"score":305,"percentile":306},"2025-12-27",0.00141,0.34985,{"date":308,"score":211,"percentile":309},"2025-12-28",0.34243,{"date":311,"score":211,"percentile":312},"2025-12-29",0.3421,{"date":314,"score":211,"percentile":315},"2025-12-30",0.342,{"date":317,"score":211,"percentile":318},"2025-12-31",0.3425,{"date":320,"score":211,"percentile":321},"2026-01-01",0.34403,{"date":323,"score":211,"percentile":324},"2026-01-02",0.34396,{"date":326,"score":211,"percentile":327},"2026-01-03",0.34382,{"date":329,"score":211,"percentile":330},"2026-01-04",0.34235,{"date":332,"score":333,"percentile":292},"2026-01-05",0.00138,{"date":335,"score":333,"percentile":336},"2026-01-06",0.34313,{"date":338,"score":333,"percentile":339},"2026-01-07",0.34328,{"date":341,"score":333,"percentile":342},"2026-01-08",0.34355,{"date":344,"score":333,"percentile":345},"2026-01-09",0.34352,{"date":347,"score":333,"percentile":342},"2026-01-10",{"date":349,"score":333,"percentile":350},"2026-01-11",0.34334,{"date":352,"score":333,"percentile":353},"2026-01-12",0.34268,{"date":355,"score":333,"percentile":356},"2026-01-13",0.34256,{"date":358,"score":333,"percentile":268},"2026-01-14",{"date":360,"score":333,"percentile":361},"2026-01-15",0.34285,{"date":363,"score":333,"percentile":364},"2026-01-16",0.34307,{"date":366,"score":333,"percentile":367},"2026-01-17",0.34292,{"date":369,"score":333,"percentile":330},"2026-01-18",{"date":371,"score":333,"percentile":315},"2026-01-19",{"date":373,"score":333,"percentile":374},"2026-01-20",0.34182,{"date":376,"score":333,"percentile":377},"2026-01-21",0.34149,{"date":379,"score":333,"percentile":380},"2026-01-22",0.34125,{"date":382,"score":383,"percentile":384},"2026-01-23",0.0013,0.33117,{"date":386,"score":383,"percentile":387},"2026-01-24",0.33125,{"date":389,"score":383,"percentile":390},"2026-01-25",0.33051,{"date":392,"score":383,"percentile":393},"2026-01-26",0.32977,{"date":395,"score":383,"percentile":396},"2026-01-27",0.32966,{"date":398,"score":383,"percentile":399},"2026-01-28",0.3294,{"date":401,"score":383,"percentile":402},"2026-01-29",0.329,{"date":404,"score":383,"percentile":405},"2026-01-30",0.32887,{"date":407,"score":383,"percentile":408},"2026-01-31",0.32897,{"date":410,"score":383,"percentile":411},"2026-02-01",0.32986,[413,422],{"source":59,"cvss_v2_0":414,"cvss_v3_0":9,"cvss_v3_1":417,"cvss_v4_0":9},{"baseScore":57,"baseSeverity":9,"vectorString":60,"impactScore":415,"exploitabilityScore":416},6.4,10,{"baseScore":418,"baseSeverity":419,"vectorString":420,"impactScore":421,"exploitabilityScore":416},7.3,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",5.7,{"source":71,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":423,"cvss_v4_0":424},{"baseScore":418,"baseSeverity":9,"vectorString":420,"impactScore":421,"exploitabilityScore":416},{"baseScore":425,"baseSeverity":9,"vectorString":426,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",[428,441,450,471,477,493],{"ecosystem":9,"name":429,"vendor":430,"product":431,"cpe_part":432,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":433},"ubuntu linux","canonical","ubuntu_linux","o",[434,437,439],{"version":435,"is_range":53,"range_type":436,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"20.04","cpe",{"version":438,"is_range":53,"range_type":436,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"21.04",{"version":440,"is_range":53,"range_type":436,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"21.10",{"ecosystem":9,"name":442,"vendor":443,"product":444,"cpe_part":432,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":445},"debian linux","debian","debian_linux",[446,448],{"version":447,"is_range":53,"range_type":436,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"version":449,"is_range":53,"range_type":436,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":9,"name":451,"vendor":452,"product":453,"cpe_part":454,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":455},"Django","djangoproject","django","a",[456,463,467],{"version":457,"is_range":458,"range_type":436,"version_start":459,"version_start_type":460,"version_end":461,"version_end_type":462,"fixed_in":9},"gte2.2_lt2.2.25",true,"2.2","including","2.2.25","excluding",{"version":464,"is_range":458,"range_type":436,"version_start":465,"version_start_type":460,"version_end":466,"version_end_type":462,"fixed_in":9},"gte3.1_lt3.1.14","3.1","3.1.14",{"version":468,"is_range":458,"range_type":436,"version_start":469,"version_start_type":460,"version_end":470,"version_end_type":462,"fixed_in":9},"gte3.2_lt3.2.10","3.2","3.2.10",{"ecosystem":9,"name":472,"vendor":473,"product":472,"cpe_part":432,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"fedora","fedoraproject",[475],{"version":476,"is_range":53,"range_type":436,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35",{"ecosystem":478,"name":453,"vendor":478,"product":453,"cpe_part":9,"purl_type":479,"purl_namespace":9,"purl_name":453,"source":9,"versions":480},"PyPI","pypi",[481,485,488,491],{"version":482,"is_range":458,"range_type":483,"version_start":484,"version_start_type":460,"version_end":461,"version_end_type":462,"fixed_in":9},"gte2_2a1_lt2_2_25","ecosystem","2.2a1",{"version":486,"is_range":458,"range_type":483,"version_start":487,"version_start_type":460,"version_end":466,"version_end_type":462,"fixed_in":9},"gte3_0a1_lt3_1_14","3.0a1",{"version":489,"is_range":458,"range_type":483,"version_start":490,"version_start_type":460,"version_end":470,"version_end_type":462,"fixed_in":9},"gte3_2a1_lt3_2_10","3.2a1",{"version":492,"is_range":458,"range_type":483,"version_start":469,"version_start_type":460,"version_end":470,"version_end_type":462,"fixed_in":9},"gte3_2_lt3_2_10",{"ecosystem":9,"name":494,"vendor":495,"product":494,"cpe_part":454,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":496},"satellite","redhat",[497],{"version":498,"is_range":53,"range_type":436,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0"]